diff --git a/CHANGELOG.next.md b/CHANGELOG.next.md index 7d0346ed09..6239379a43 100644 --- a/CHANGELOG.next.md +++ b/CHANGELOG.next.md @@ -20,6 +20,7 @@ Thanks, you're awesome :-) --> * Added `http.request.id`. #1208 * Added `cloud.service.name`. #1204 * Added `hash.ssdeep`. #1169 +* Added additional host fields. #1248 * Added `geo.timezone`, `geo.postal_code`, and `geo.continent_code`. #1229 #### Improvements diff --git a/code/go/ecs/host.go b/code/go/ecs/host.go index f3afb6b871..4953427208 100644 --- a/code/go/ecs/host.go +++ b/code/go/ecs/host.go 
@@ -68,4 +68,35 @@ type Host struct {
 // or NetBIOS domain name. For Linux this could be the domain of the host's
 // LDAP provider.
 Domain string `ecs:"domain"`
+
+ // Percent CPU used which is normalized by the number of CPU cores and it
+ // ranges from 0 to 1.
+ // Scaling factor: 1000.
+ // For example: For a two core host, this value should be the average of
+ // the two cores, between 0 and 1.
+ CpuUsage float64 `ecs:"cpu.usage"`
+
+ // The total number of bytes (gauge) read successfully (aggregated from all
+ // disks) since the last metric collection.
+ DiskReadBytes int64 `ecs:"disk.read.bytes"`
+
+ // The total number of bytes (gauge) written successfully (aggregated from
+ // all disks) since the last metric collection.
+ DiskWriteBytes int64 `ecs:"disk.write.bytes"`
+
+ // The number of bytes received (gauge) on all network interfaces by the
+ // host since the last metric collection.
+ NetworkIngressBytes int64 `ecs:"network.ingress.bytes"`
+
+ // The number of packets (gauge) received on all network interfaces by the
+ // host since the last metric collection.
+ NetworkIngressPackets int64 `ecs:"network.ingress.packets"`
+
+ // The number of bytes (gauge) sent out on all network interfaces by the
+ // host since the last metric collection.
+ NetworkEgressBytes int64 `ecs:"network.egress.bytes"`
+
+ // The number of packets (gauge) sent out on all network interfaces by the
+ // host since the last metric collection.
+ NetworkEgressPackets int64 `ecs:"network.egress.packets"`
 }
diff --git a/docs/field-details.asciidoc b/docs/field-details.asciidoc
index 12cfbc5870..56ec0e8bbe 100644
--- a/docs/field-details.asciidoc
+++ b/docs/field-details.asciidoc
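Review bot: The doc comment on `CpuUsage` calls the value a percent while bounding it to 0–1, and its `Scaling factor: 1000.` line describes the index mapping rather than the Go `float64`, so a consumer setting an alert threshold can misread the scale by a factor of 100. I would reword it to `// Fraction of CPU in use, averaged over all cores, from 0 to 1.` and drop the scaling-factor line from the Go comment. The identifier also departs from Go's initialism convention (`CPUUsage`), which is cheapest to change before the field is released. The same wording appears in the `schemas/host.yml` hunk of this commit, and if host.go is generated from that schema the fix belongs there and in the generator rather than in this file. The `Host` struct opens outside this hunk.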
@@ -3188,6 +3188,64 @@ example: `x86_64` // =============================================================== +| +[[field-host-cpu-usage]] +<> + +| beta:[ This field is currently considered beta. ] + +Percent CPU used which is normalized by the number of CPU cores and it ranges from 0 to 1. + +Scaling factor: 1000. + +For example: For a two core host, this value should be the average of the two cores, between 0 and 1. + +type: scaled_float + + + + + +| extended + +// =============================================================== + +| +[[field-host-disk-read-bytes]] +<> + +| beta:[ This field is currently considered beta. ] + +The total number of bytes (gauge) read successfully (aggregated from all disks) since the last metric collection. + +type: long + + + + + +| extended + +// =============================================================== + +| +[[field-host-disk-write-bytes]] +<> + +| beta:[ This field is currently considered beta. ] + +The total number of bytes (gauge) written successfully (aggregated from all disks) since the last metric collection. + +type: long + + + + + +| extended + +// =============================================================== + | [[field-host-domain]] <> 
@@ -3302,6 +3360,78 @@ type: keyword // =============================================================== +| +[[field-host-network-egress-bytes]] +<> + +| beta:[ This field is currently considered beta. ] + +The number of bytes (gauge) sent out on all network interfaces by the host since the last metric collection. + +type: long + + + + + +| extended + +// =============================================================== + +| +[[field-host-network-egress-packets]] +<> + +| beta:[ This field is currently considered beta. ] + +The number of packets (gauge) sent out on all network interfaces by the host since the last metric collection. + +type: long + + + + + +| extended + +// =============================================================== + +| +[[field-host-network-ingress-bytes]] +<> + +| beta:[ This field is currently considered beta. ] + +The number of bytes received (gauge) on all network interfaces by the host since the last metric collection. + +type: long + + + + + +| extended + +// =============================================================== + +| +[[field-host-network-ingress-packets]] +<> + +| beta:[ This field is currently considered beta. ] + +The number of packets (gauge) received on all network interfaces by the host since the last metric collection. + +type: long + + + + + +| extended + +// =============================================================== + | [[field-host-type]] <> diff --git a/experimental/generated/beats/fields.ecs.yml b/experimental/generated/beats/fields.ecs.yml index 40563448ef..ad713b3658 100644 --- a/experimental/generated/beats/fields.ecs.yml +++ b/experimental/generated/beats/fields.ecs.yml @@ -2222,7 +2222,9 @@ level: extended type: scaled_float description: 'Percent CPU used which is normalized by the number of CPU cores - and it ranges from 0 to 1. Scaling factor: 1000. + and it ranges from 0 to 1. + + Scaling factor: 1000. For example: For a two core host, this value should be the average of the two cores, between 0 and 1.' 
diff --git a/experimental/generated/ecs/ecs_flat.yml b/experimental/generated/ecs/ecs_flat.yml index ba35594e18..54583bb5ad 100644 --- a/experimental/generated/ecs/ecs_flat.yml +++ b/experimental/generated/ecs/ecs_flat.yml @@ -3355,9 +3355,12 @@ host.architecture: short: Operating system architecture. type: keyword host.cpu.usage: + beta: This field is currently considered beta. dashed_name: host-cpu-usage description: 'Percent CPU used which is normalized by the number of CPU cores and - it ranges from 0 to 1. Scaling factor: 1000. + it ranges from 0 to 1. + + Scaling factor: 1000. For example: For a two core host, this value should be the average of the two cores, between 0 and 1.' @@ -3369,6 +3372,7 @@ host.cpu.usage: short: Percent CPU used, between 0 and 1. type: scaled_float host.disk.read.bytes: + beta: This field is currently considered beta. dashed_name: host-disk-read-bytes description: The total number of bytes (gauge) read successfully (aggregated from all disks) since the last metric collection. @@ -3379,6 +3383,7 @@ host.disk.read.bytes: short: The number of bytes read by all disks. type: long host.disk.write.bytes: + beta: This field is currently considered beta. dashed_name: host-disk-write-bytes description: The total number of bytes (gauge) written successfully (aggregated from all disks) since the last metric collection. @@ -3606,6 +3611,7 @@ host.name: short: Name of the host. type: keyword host.network.egress.bytes: + beta: This field is currently considered beta. dashed_name: host-network-egress-bytes description: The number of bytes (gauge) sent out on all network interfaces by the host since the last metric collection. 
@@ -3616,6 +3622,7 @@ host.network.egress.bytes: short: The number of bytes sent on all network interfaces. type: long host.network.egress.packets: + beta: This field is currently considered beta. dashed_name: host-network-egress-packets description: The number of packets (gauge) sent out on all network interfaces by the host since the last metric collection. @@ -3626,6 +3633,7 @@ host.network.egress.packets: short: The number of packets sent on all network interfaces. type: long host.network.ingress.bytes: + beta: This field is currently considered beta. dashed_name: host-network-ingress-bytes description: The number of bytes received (gauge) on all network interfaces by the host since the last metric collection. @@ -3636,6 +3644,7 @@ host.network.ingress.bytes: short: The number of bytes received on all network interfaces. type: long host.network.ingress.packets: + beta: This field is currently considered beta. dashed_name: host-network-ingress-packets description: The number of packets (gauge) received on all network interfaces by the host since the last metric collection. diff --git a/experimental/generated/ecs/ecs_nested.yml b/experimental/generated/ecs/ecs_nested.yml index ff10e027f4..a0bb8d6a76 100644 --- a/experimental/generated/ecs/ecs_nested.yml +++ b/experimental/generated/ecs/ecs_nested.yml @@ -4092,9 +4092,12 @@ host: short: Operating system architecture. type: keyword host.cpu.usage: + beta: This field is currently considered beta. dashed_name: host-cpu-usage description: 'Percent CPU used which is normalized by the number of CPU cores - and it ranges from 0 to 1. Scaling factor: 1000. + and it ranges from 0 to 1. + + Scaling factor: 1000. For example: For a two core host, this value should be the average of the two cores, between 0 and 1.' 
@@ -4106,6 +4109,7 @@ host: short: Percent CPU used, between 0 and 1. type: scaled_float host.disk.read.bytes: + beta: This field is currently considered beta. dashed_name: host-disk-read-bytes description: The total number of bytes (gauge) read successfully (aggregated from all disks) since the last metric collection. @@ -4116,6 +4120,7 @@ host: short: The number of bytes read by all disks. type: long host.disk.write.bytes: + beta: This field is currently considered beta. dashed_name: host-disk-write-bytes description: The total number of bytes (gauge) written successfully (aggregated from all disks) since the last metric collection. @@ -4346,6 +4351,7 @@ host: short: Name of the host. type: keyword host.network.egress.bytes: + beta: This field is currently considered beta. dashed_name: host-network-egress-bytes description: The number of bytes (gauge) sent out on all network interfaces by the host since the last metric collection. @@ -4356,6 +4362,7 @@ host: short: The number of bytes sent on all network interfaces. type: long host.network.egress.packets: + beta: This field is currently considered beta. dashed_name: host-network-egress-packets description: The number of packets (gauge) sent out on all network interfaces by the host since the last metric collection. @@ -4366,6 +4373,7 @@ host: short: The number of packets sent on all network interfaces. type: long host.network.ingress.bytes: + beta: This field is currently considered beta. dashed_name: host-network-ingress-bytes description: The number of bytes received (gauge) on all network interfaces by the host since the last metric collection. @@ -4376,6 +4384,7 @@ host: short: The number of bytes received on all network interfaces. type: long host.network.ingress.packets: + beta: This field is currently considered beta. dashed_name: host-network-ingress-packets description: The number of packets (gauge) received on all network interfaces by the host since the last metric collection. 
diff --git a/experimental/schemas/host.yml b/experimental/schemas/host.yml
index b7b57cfc09..91f3d1bbc2 100644
--- a/experimental/schemas/host.yml
+++ b/experimental/schemas/host.yml
@@ -1,65 +1,4 @@ - name: host fields: - # RFC 0005 - - name: cpu.usage - type: scaled_float - scaling_factor: 1000 - level: extended - short: Percent CPU used, between 0 and 1. - description: > - Percent CPU used which is normalized by the number of CPU cores and it - ranges from 0 to 1. Scaling factor: 1000. - - For example: For a two core host, this value should be the average of the - two cores, between 0 and 1. - - - name: network.ingress.bytes - type: long - level: extended - short: The number of bytes received on all network interfaces. - description: > - The number of bytes received (gauge) on all network interfaces by the - host since the last metric collection. - - - name: network.ingress.packets - type: long - level: extended - short: The number of packets received on all network interfaces. - description: > - The number of packets (gauge) received on all network interfaces by the - host since the last metric collection. - - - name: network.egress.bytes - type: long - level: extended - short: The number of bytes sent on all network interfaces. - description: > - The number of bytes (gauge) sent out on all network interfaces by the - host since the last metric collection. - - - name: network.egress.packets - type: long - level: extended - short: The number of packets sent on all network interfaces. - description: > - The number of packets (gauge) sent out on all network interfaces by the - host since the last metric collection. - - - name: disk.read.bytes - type: long - level: extended - short: The number of bytes read by all disks. - description: > - The total number of bytes (gauge) read successfully (aggregated from all - disks) since the last metric collection. - - - name: disk.write.bytes - type: long - level: extended - short: The number of bytes written on all disks. - description: > - The total number of bytes (gauge) written successfully (aggregated from - all disks) since the last metric collection. - - name: hostname type: wildcard 
diff --git a/generated/beats/fields.ecs.yml b/generated/beats/fields.ecs.yml index 0224230cf0..4440e042c4 100644 --- a/generated/beats/fields.ecs.yml +++ b/generated/beats/fields.ecs.yml @@ -2195,6 +2195,30 @@ ignore_above: 1024 description: Operating system architecture. example: x86_64 + - name: cpu.usage + level: extended + type: scaled_float + description: 'Percent CPU used which is normalized by the number of CPU cores + and it ranges from 0 to 1. + + Scaling factor: 1000. + + For example: For a two core host, this value should be the average of the + two cores, between 0 and 1.' + scaling_factor: 1000 + default_field: false + - name: disk.read.bytes + level: extended + type: long + description: The total number of bytes (gauge) read successfully (aggregated + from all disks) since the last metric collection. + default_field: false + - name: disk.write.bytes + level: extended + type: long + description: The total number of bytes (gauge) written successfully (aggregated + from all disks) since the last metric collection. + default_field: false - name: domain level: extended type: keyword 
@@ -2323,6 +2347,30 @@ It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' + - name: network.egress.bytes + level: extended + type: long + description: The number of bytes (gauge) sent out on all network interfaces + by the host since the last metric collection. + default_field: false + - name: network.egress.packets + level: extended + type: long + description: The number of packets (gauge) sent out on all network interfaces + by the host since the last metric collection. + default_field: false + - name: network.ingress.bytes + level: extended + type: long + description: The number of bytes received (gauge) on all network interfaces + by the host since the last metric collection. + default_field: false + - name: network.ingress.packets + level: extended + type: long + description: The number of packets (gauge) received on all network interfaces + by the host since the last metric collection. + default_field: false - name: os.family level: extended type: keyword diff --git a/generated/csv/fields.csv b/generated/csv/fields.csv index fff03bd7ae..d55b49ecd4 100644 --- a/generated/csv/fields.csv +++ b/generated/csv/fields.csv 
@@ -239,6 +239,9 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 2.0.0-dev,true,group,group.id,keyword,extended,,,Unique identifier for the group on the system/platform. 2.0.0-dev,true,group,group.name,keyword,extended,,,Name of the group. 2.0.0-dev,true,host,host.architecture,keyword,core,,x86_64,Operating system architecture. +2.0.0-dev,true,host,host.cpu.usage,scaled_float,extended,,,"Percent CPU used, between 0 and 1." +2.0.0-dev,true,host,host.disk.read.bytes,long,extended,,,The number of bytes read by all disks. +2.0.0-dev,true,host,host.disk.write.bytes,long,extended,,,The number of bytes written on all disks. 2.0.0-dev,true,host,host.domain,keyword,extended,,CONTOSO,Name of the directory the group is a member of. 2.0.0-dev,true,host,host.geo.city_name,keyword,core,,Montreal,City name. 2.0.0-dev,true,host,host.geo.continent_code,keyword,core,,NA,Continent code. 
@@ -256,6 +259,10 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 2.0.0-dev,true,host,host.ip,ip,core,array,,Host ip addresses. 2.0.0-dev,true,host,host.mac,keyword,core,array,"[""00-00-5E-00-53-23"", ""00-00-5E-00-53-24""]",Host MAC addresses. 2.0.0-dev,true,host,host.name,keyword,core,,,Name of the host. +2.0.0-dev,true,host,host.network.egress.bytes,long,extended,,,The number of bytes sent on all network interfaces. +2.0.0-dev,true,host,host.network.egress.packets,long,extended,,,The number of packets sent on all network interfaces. +2.0.0-dev,true,host,host.network.ingress.bytes,long,extended,,,The number of bytes received on all network interfaces. +2.0.0-dev,true,host,host.network.ingress.packets,long,extended,,,The number of packets received on all network interfaces. 2.0.0-dev,true,host,host.os.family,keyword,extended,,debian,"OS family (such as redhat, debian, freebsd, windows)." 2.0.0-dev,true,host,host.os.full,keyword,extended,,Mac OS Mojave,"Operating system name, including the version or code name." 2.0.0-dev,true,host,host.os.full.text,text,extended,,Mac OS Mojave,"Operating system name, including the version or code name." diff --git a/generated/ecs/ecs_flat.yml b/generated/ecs/ecs_flat.yml index b92392d17e..9057ad0999 100644 --- a/generated/ecs/ecs_flat.yml +++ b/generated/ecs/ecs_flat.yml 
@@ -3336,6 +3336,45 @@ host.architecture: normalize: [] short: Operating system architecture. type: keyword +host.cpu.usage: + beta: This field is currently considered beta. + dashed_name: host-cpu-usage + description: 'Percent CPU used which is normalized by the number of CPU cores and + it ranges from 0 to 1. + + Scaling factor: 1000. + + For example: For a two core host, this value should be the average of the two + cores, between 0 and 1.' + flat_name: host.cpu.usage + level: extended + name: cpu.usage + normalize: [] + scaling_factor: 1000 + short: Percent CPU used, between 0 and 1. + type: scaled_float +host.disk.read.bytes: + beta: This field is currently considered beta. + dashed_name: host-disk-read-bytes + description: The total number of bytes (gauge) read successfully (aggregated from + all disks) since the last metric collection. + flat_name: host.disk.read.bytes + level: extended + name: disk.read.bytes + normalize: [] + short: The number of bytes read by all disks. + type: long +host.disk.write.bytes: + beta: This field is currently considered beta. + dashed_name: host-disk-write-bytes + description: The total number of bytes (gauge) written successfully (aggregated + from all disks) since the last metric collection. + flat_name: host.disk.write.bytes + level: extended + name: disk.write.bytes + normalize: [] + short: The number of bytes written on all disks. + type: long host.domain: dashed_name: host-domain description: 'Name of the domain of which the host is a member. 
@@ -3555,6 +3594,50 @@ host.name: normalize: [] short: Name of the host. type: keyword +host.network.egress.bytes: + beta: This field is currently considered beta. + dashed_name: host-network-egress-bytes + description: The number of bytes (gauge) sent out on all network interfaces by the + host since the last metric collection. + flat_name: host.network.egress.bytes + level: extended + name: network.egress.bytes + normalize: [] + short: The number of bytes sent on all network interfaces. + type: long +host.network.egress.packets: + beta: This field is currently considered beta. + dashed_name: host-network-egress-packets + description: The number of packets (gauge) sent out on all network interfaces by + the host since the last metric collection. + flat_name: host.network.egress.packets + level: extended + name: network.egress.packets + normalize: [] + short: The number of packets sent on all network interfaces. + type: long +host.network.ingress.bytes: + beta: This field is currently considered beta. + dashed_name: host-network-ingress-bytes + description: The number of bytes received (gauge) on all network interfaces by the + host since the last metric collection. + flat_name: host.network.ingress.bytes + level: extended + name: network.ingress.bytes + normalize: [] + short: The number of bytes received on all network interfaces. + type: long +host.network.ingress.packets: + beta: This field is currently considered beta. + dashed_name: host-network-ingress-packets + description: The number of packets (gauge) received on all network interfaces by + the host since the last metric collection. + flat_name: host.network.ingress.packets + level: extended + name: network.ingress.packets + normalize: [] + short: The number of packets received on all network interfaces. + type: long host.os.family: dashed_name: host-os-family description: OS family (such as redhat, debian, freebsd, windows). 
diff --git a/generated/ecs/ecs_nested.yml b/generated/ecs/ecs_nested.yml index b11ded1d60..482bcf618a 100644 --- a/generated/ecs/ecs_nested.yml +++ b/generated/ecs/ecs_nested.yml @@ -4052,6 +4052,45 @@ host: normalize: [] short: Operating system architecture. type: keyword + host.cpu.usage: + beta: This field is currently considered beta. + dashed_name: host-cpu-usage + description: 'Percent CPU used which is normalized by the number of CPU cores + and it ranges from 0 to 1. + + Scaling factor: 1000. + + For example: For a two core host, this value should be the average of the + two cores, between 0 and 1.' + flat_name: host.cpu.usage + level: extended + name: cpu.usage + normalize: [] + scaling_factor: 1000 + short: Percent CPU used, between 0 and 1. + type: scaled_float + host.disk.read.bytes: + beta: This field is currently considered beta. + dashed_name: host-disk-read-bytes + description: The total number of bytes (gauge) read successfully (aggregated + from all disks) since the last metric collection. + flat_name: host.disk.read.bytes + level: extended + name: disk.read.bytes + normalize: [] + short: The number of bytes read by all disks. + type: long + host.disk.write.bytes: + beta: This field is currently considered beta. + dashed_name: host-disk-write-bytes + description: The total number of bytes (gauge) written successfully (aggregated + from all disks) since the last metric collection. + flat_name: host.disk.write.bytes + level: extended + name: disk.write.bytes + normalize: [] + short: The number of bytes written on all disks. + type: long host.domain: dashed_name: host-domain description: 'Name of the domain of which the host is a member. 
@@ -4274,6 +4313,50 @@ host: normalize: [] short: Name of the host. type: keyword + host.network.egress.bytes: + beta: This field is currently considered beta. + dashed_name: host-network-egress-bytes + description: The number of bytes (gauge) sent out on all network interfaces + by the host since the last metric collection. + flat_name: host.network.egress.bytes + level: extended + name: network.egress.bytes + normalize: [] + short: The number of bytes sent on all network interfaces. + type: long + host.network.egress.packets: + beta: This field is currently considered beta. + dashed_name: host-network-egress-packets + description: The number of packets (gauge) sent out on all network interfaces + by the host since the last metric collection. + flat_name: host.network.egress.packets + level: extended + name: network.egress.packets + normalize: [] + short: The number of packets sent on all network interfaces. + type: long + host.network.ingress.bytes: + beta: This field is currently considered beta. + dashed_name: host-network-ingress-bytes + description: The number of bytes received (gauge) on all network interfaces + by the host since the last metric collection. + flat_name: host.network.ingress.bytes + level: extended + name: network.ingress.bytes + normalize: [] + short: The number of bytes received on all network interfaces. + type: long + host.network.ingress.packets: + beta: This field is currently considered beta. + dashed_name: host-network-ingress-packets + description: The number of packets (gauge) received on all network interfaces + by the host since the last metric collection. + flat_name: host.network.ingress.packets + level: extended + name: network.ingress.packets + normalize: [] + short: The number of packets received on all network interfaces. + type: long host.os.family: dashed_name: host-os-family description: OS family (such as redhat, debian, freebsd, windows). 
diff --git a/generated/elasticsearch/6/template.json b/generated/elasticsearch/6/template.json index 53a790dd46..3a1b991f97 100644 --- a/generated/elasticsearch/6/template.json +++ b/generated/elasticsearch/6/template.json @@ -1115,6 +1115,32 @@ "ignore_above": 1024, "type": "keyword" }, + "cpu": { + "properties": { + "usage": { + "scaling_factor": 1000, + "type": "scaled_float" + } + } + }, + "disk": { + "properties": { + "read": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "write": { + "properties": { + "bytes": { + "type": "long" + } + } + } + } + }, "domain": { "ignore_above": 1024, "type": "keyword" @@ -1185,6 +1211,30 @@ "ignore_above": 1024, "type": "keyword" }, + "network": { + "properties": { + "egress": { + "properties": { + "bytes": { + "type": "long" + }, + "packets": { + "type": "long" + } + } + }, + "ingress": { + "properties": { + "bytes": { + "type": "long" + }, + "packets": { + "type": "long" + } + } + } + } + }, "os": { "properties": { "family": { diff --git a/generated/elasticsearch/7/template.json b/generated/elasticsearch/7/template.json index 590142e166..a29fec8c33 100644 --- a/generated/elasticsearch/7/template.json +++ b/generated/elasticsearch/7/template.json @@ -1114,6 +1114,32 @@ "ignore_above": 1024, "type": "keyword" }, + "cpu": { + "properties": { + "usage": { + "scaling_factor": 1000, + "type": "scaled_float" + } + } + }, + "disk": { + "properties": { + "read": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "write": { + "properties": { + "bytes": { + "type": "long" + } + } + } + } + }, "domain": { "ignore_above": 1024, "type": "keyword" @@ -1184,6 +1210,30 @@ "ignore_above": 1024, "type": "keyword" }, + "network": { + "properties": { + "egress": { + "properties": { + "bytes": { + "type": "long" + }, + "packets": { + "type": "long" + } + } + }, + "ingress": { + "properties": { + "bytes": { + "type": "long" + }, + "packets": { + "type": "long" + } + } + } + } + }, "os": { "properties": { "family": { 
diff --git a/generated/elasticsearch/component/host.json b/generated/elasticsearch/component/host.json index eb2aa6c688..018c9f58ac 100644 --- a/generated/elasticsearch/component/host.json +++ b/generated/elasticsearch/component/host.json @@ -12,6 +12,32 @@ "ignore_above": 1024, "type": "keyword" }, + "cpu": { + "properties": { + "usage": { + "scaling_factor": 1000, + "type": "scaled_float" + } + } + }, + "disk": { + "properties": { + "read": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "write": { + "properties": { + "bytes": { + "type": "long" + } + } + } + } + }, "domain": { "ignore_above": 1024, "type": "keyword" @@ -82,6 +108,30 @@ "ignore_above": 1024, "type": "keyword" }, + "network": { + "properties": { + "egress": { + "properties": { + "bytes": { + "type": "long" + }, + "packets": { + "type": "long" + } + } + }, + "ingress": { + "properties": { + "bytes": { + "type": "long" + }, + "packets": { + "type": "long" + } + } + } + } + }, "os": { "properties": { "family": { diff --git a/schemas/host.yml b/schemas/host.yml index 984cc51f40..74a6de5eec 100644 --- a/schemas/host.yml +++ b/schemas/host.yml 
@@ -103,3 +103,71 @@ For Linux this could be the domain of the host's LDAP provider. example: CONTOSO + - name: cpu.usage + level: extended + type: scaled_float + scaling_factor: 1000 + short: Percent CPU used, between 0 and 1. + beta: This field is currently considered beta. + description: > + Percent CPU used which is normalized by the number of CPU cores and it + ranges from 0 to 1. + + Scaling factor: 1000. + + For example: For a two core host, this value should be the average of + the two cores, between 0 and 1. + + - name: disk.read.bytes + type: long + level: extended + short: The number of bytes read by all disks. + beta: This field is currently considered beta. + description: > + The total number of bytes (gauge) read successfully (aggregated from all + disks) since the last metric collection. + + - name: disk.write.bytes + type: long + level: extended + short: The number of bytes written on all disks. + beta: This field is currently considered beta. + description: > + The total number of bytes (gauge) written successfully (aggregated from + all disks) since the last metric collection. + + - name: network.ingress.bytes + type: long + level: extended + short: The number of bytes received on all network interfaces. + beta: This field is currently considered beta. + description: > + The number of bytes received (gauge) on all network interfaces by the + host since the last metric collection. + + - name: network.ingress.packets + type: long + level: extended + short: The number of packets received on all network interfaces. + beta: This field is currently considered beta. + description: > + The number of packets (gauge) received on all network interfaces by the + host since the last metric collection. + + - name: network.egress.bytes + type: long + level: extended + short: The number of bytes sent on all network interfaces. + beta: This field is currently considered beta. 
+ description: > + The number of bytes (gauge) sent out on all network interfaces by the + host since the last metric collection. + + - name: network.egress.packets + type: long + level: extended + short: The number of packets sent on all network interfaces. + beta: This field is currently considered beta. + description: > + The number of packets (gauge) sent out on all network interfaces by the + host since the last metric collection.
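Review bot: The six disk and network counters are described as deltas "since the last metric collection", but none of the descriptions says how long that interval is or where a consumer finds it, so values from sources with different collection periods are not comparable and a volume threshold on `network.egress.bytes` means something different per source. I would add a sentence to each description along the lines of `The value is a delta over one collection period and is only comparable across sources after dividing by that period.` `type: long` also admits negative numbers, so stating that the value is non-negative would give ingest pipelines a basis for rejecting malformed documents. The `host` field list these entries are appended to starts outside the hunk.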