[logging] Upgrade ECS to 1.12 (#113583)

packages/kbn-logging/src/ecs/agent.ts

@@ -7,7 +7,7 @@
  */
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-agent.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-agent.html
  *
  * @internal
  */

packages/kbn-logging/src/ecs/autonomous_system.ts

@@ -7,7 +7,7 @@
  */
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-as.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-as.html
  *
  * @internal
  */

packages/kbn-logging/src/ecs/base.ts

@@ -7,7 +7,7 @@
  */
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-base.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-base.html
  *
  * @internal
  */

packages/kbn-logging/src/ecs/client.ts

@@ -17,7 +17,7 @@ interface NestedFields {
 }
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-client.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-client.html
  *
  * @internal
  */

packages/kbn-logging/src/ecs/cloud.ts

@@ -7,7 +7,7 @@
  */
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-cloud.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-cloud.html
  *
  * @internal
  */

packages/kbn-logging/src/ecs/code_signature.ts

@@ -7,15 +7,17 @@
  */
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-code_signature.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-code_signature.html
  *
  * @internal
  */
 export interface EcsCodeSignature {
+  digest_algorithm?: string;
   exists?: boolean;
   signing_id?: string;
   status?: string;
   subject_name?: string;
+  timestamp?: string;
   team_id?: string;
   trusted?: boolean;
   valid?: boolean;

packages/kbn-logging/src/ecs/container.ts

@@ -7,14 +7,21 @@
  */
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-container.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-container.html
  *
  * @internal
  */
 export interface EcsContainer {
+  cpu?: { usage?: number };
+  disk?: Disk;
   id?: string;
   image?: { name?: string; tag?: string[] };
   labels?: Record<string, unknown>;
   name?: string;
   runtime?: string;
 }
+
+interface Disk {
+  read?: { bytes?: number };
+  write?: { bytes?: number };
+}

packages/kbn-logging/src/ecs/data_stream.ts

@@ -0,0 +1,18 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+/**
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-data_stream.html
+ *
+ * @internal
+ */
+export interface EcsDataStream {
+  dataset?: string;
+  namespace?: string;
+  type?: 'logs' | 'metrics';
+}

packages/kbn-logging/src/ecs/destination.ts

@@ -17,7 +17,7 @@ interface NestedFields {
 }
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-destination.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-destination.html
  *
  * @internal
  */

packages/kbn-logging/src/ecs/dll.ts

@@ -17,7 +17,7 @@ interface NestedFields {
 }
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-dll.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-dll.html
  *
  * @internal
  */

packages/kbn-logging/src/ecs/dns.ts

@@ -7,7 +7,7 @@
  */
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-dns.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-dns.html
  *
  * @internal
  */

packages/kbn-logging/src/ecs/elf.ts

@@ -0,0 +1,71 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+/**
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-elf.html
+ *
+ * @internal
+ */
+export interface EcsElf {
+  architecture?: string;
+  byte_order?: string;
+  cpu_type?: string;
+  creation_date?: string;
+  exports?: Export[];
+  imports?: Import[];
+  header?: Header;
+  sections?: Section[];
+  segments?: Segment[];
+  shared_libraries?: string[];
+  telfhash?: string;
+}
+
+interface Export {
+  binding?: string;
+  name?: string;
+  section?: string;
+  size?: string;
+  type?: string;
+  version?: string;
+  visibility?: string;
+}
+
+interface Import {
+  library?: string;
+  name?: string;
+  type?: string;
+  version?: string;
+}
+
+interface Header {
+  abi_version?: string;
+  class?: string;
+  data?: string;
+  entrypoint?: number;
+  object_version?: string;
+  os_abi?: string;
+  type?: string;
+  version?: string;
+}
+
+interface Section {
+  chi2?: number;
+  entropy?: number;
+  flags?: string;
+  name?: string;
+  physical_offset?: string;
+  physical_size?: number;
+  type?: string;
+  virtual_address?: number;
+  virtual_size?: number;
+}
+
+interface Segment {
+  sections?: string;
+  type?: string;
+}

packages/kbn-logging/src/ecs/email.ts

@@ -0,0 +1,48 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import { EcsFile } from './file';
+import { EcsHash } from './hash';
+
+interface NestedFields {
+  // Not all hash types are explicitly supported, see
+  // https://github.com/elastic/ecs/pull/1569
+  hash?: Pick<EcsHash, 'md5' | 'sha1' | 'sha256'>;
+}
+
+interface AttachmentNestedFields {
+  file?: Pick<EcsFile, 'extension' | 'mime_type' | 'name' | 'size' | 'hash'>;
+}
+
+/**
+ * No docs yet, see https://github.com/elastic/ecs/pull/1569
+ *
+ * @internal
+ */
+export interface EcsEmail extends NestedFields {
+  attachments?: Attachment[];
+  bcc?: string[];
+  cc?: string[];
+  content_type?: string;
+  delivery_timestamp?: string;
+  direction?: string;
+  from?: string;
+  local_id?: string;
+  message_id?: string;
+  origination_timestamp?: string;
+  reply_to?: string;
+  subject?: string;
+  'subject.text'?: string;
+  to?: string[];
+  x_mailer?: string;
+}
+
+// eslint-disable-next-line @typescript-eslint/no-empty-interface
+interface Attachment extends AttachmentNestedFields {
+  // intentionally empty
+}

packages/kbn-logging/src/ecs/error.ts

@@ -7,7 +7,7 @@
  */
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-error.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-error.html
  *
  * @internal
  */

packages/kbn-logging/src/ecs/event.ts

@@ -7,12 +7,13 @@
  */
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-event.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-event.html
  *
  * @internal
  */
 export interface EcsEvent {
   action?: string;
+  agent_id_status?: 'verified' | 'mismatch' | 'missing' | 'auth_metadata_missing';
   category?: EcsEventCategory[];
   code?: string;
   created?: string;

packages/kbn-logging/src/ecs/file.ts

@@ -7,19 +7,21 @@
  */
 
 import { EcsCodeSignature } from './code_signature';
+import { EcsElf } from './elf';
 import { EcsHash } from './hash';
 import { EcsPe } from './pe';
 import { EcsX509 } from './x509';
 
 interface NestedFields {
   code_signature?: EcsCodeSignature;
+  elf?: EcsElf;
   hash?: EcsHash;
   pe?: EcsPe;
   x509?: EcsX509;
 }
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-file.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-file.html
  *
  * @internal
  */
@@ -32,6 +34,7 @@ export interface EcsFile extends NestedFields {
   directory?: string;
   drive_letter?: string;
   extension?: string;
+  fork_name?: string;
   gid?: string;
   group?: string;
   inode?: string;

packages/kbn-logging/src/ecs/geo.ts

@@ -7,7 +7,7 @@
  */
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-geo.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-geo.html
  *
  * @internal
  */

packages/kbn-logging/src/ecs/group.ts

@@ -7,7 +7,7 @@
  */
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-group.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-group.html
  *
  * @internal
  */

packages/kbn-logging/src/ecs/hash.ts

@@ -7,7 +7,7 @@
  */
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-hash.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-hash.html
  *
  * @internal
  */

packages/kbn-logging/src/ecs/host.ts

@@ -18,7 +18,7 @@ interface NestedFields {
 }
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-host.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-host.html
  *
  * @internal
  */

packages/kbn-logging/src/ecs/http.ts

@@ -7,7 +7,7 @@
  */
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-http.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-http.html
  *
  * @internal
  */

packages/kbn-logging/src/ecs/index.ts

@@ -13,8 +13,10 @@ import { EcsAutonomousSystem } from './autonomous_system';
 import { EcsClient } from './client';
 import { EcsCloud } from './cloud';
 import { EcsContainer } from './container';
+import { EcsDataStream } from './data_stream';
 import { EcsDestination } from './destination';
 import { EcsDns } from './dns';
+import { EcsEmail } from './email';
 import { EcsError } from './error';
 import { EcsEvent } from './event';
 import { EcsFile } from './file';
@@ -24,6 +26,7 @@ import { EcsHttp } from './http';
 import { EcsLog } from './log';
 import { EcsNetwork } from './network';
 import { EcsObserver } from './observer';
+import { EcsOrchestrator } from './orchestrator';
 import { EcsOrganization } from './organization';
 import { EcsPackage } from './package';
 import { EcsProcess } from './process';
@@ -45,13 +48,13 @@ export { EcsEventCategory, EcsEventKind, EcsEventOutcome, EcsEventType } from '.
 
 interface EcsField {
   /**
-   * These typings were written as of ECS 1.9.0.
+   * These typings were written as of ECS 1.12.0.
    * Don't change this value without checking the rest
    * of the types to conform to that ECS version.
    *
-   * https://www.elastic.co/guide/en/ecs/1.9/index.html
+   * https://www.elastic.co/guide/en/ecs/1.12/index.html
    */
-  version: '1.9.0';
+  version: '1.12.0';
 }
 
 /**
@@ -68,8 +71,10 @@ export type Ecs = EcsBase &
     client?: EcsClient;
     cloud?: EcsCloud;
     container?: EcsContainer;
+    data_stream?: EcsDataStream;
     destination?: EcsDestination;
     dns?: EcsDns;
+    email?: EcsEmail;
     error?: EcsError;
     event?: EcsEvent;
     file?: EcsFile;
@@ -79,6 +84,7 @@ export type Ecs = EcsBase &
     log?: EcsLog;
     network?: EcsNetwork;
     observer?: EcsObserver;
+    orchestrator?: EcsOrchestrator;
     organization?: EcsOrganization;
     package?: EcsPackage;
     process?: EcsProcess;

packages/kbn-logging/src/ecs/interface.ts

@@ -7,7 +7,7 @@
  */
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-interface.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-interface.html
  *
  * @internal
  */

packages/kbn-logging/src/ecs/log.ts

@@ -7,7 +7,7 @@
  */
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-log.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-log.html
  *
  * @internal
  */
@@ -16,6 +16,7 @@ export interface EcsLog {
   level?: string;
   logger?: string;
   origin?: Origin;
+  /** @deprecated - use `event.original` instead */
   original?: string;
   syslog?: Syslog;
 }

packages/kbn-logging/src/ecs/network.ts

@@ -14,7 +14,7 @@ interface NestedFields {
 }
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-network.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-network.html
  *
  * @internal
  */

packages/kbn-logging/src/ecs/observer.ts

@@ -29,7 +29,7 @@ interface NestedIngressFields {
 }
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-observer.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-observer.html
  *
  * @internal
  */

packages/kbn-logging/src/ecs/orchestrator.ts

@@ -0,0 +1,32 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+/**
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-orchestrator.html
+ *
+ * @internal
+ */
+export interface EcsOrchestrator {
+  api_version?: string;
+  cluster?: Cluster;
+  namespace?: string;
+  organization?: string;
+  resource?: Resource;
+  type?: string;
+}
+
+interface Cluster {
+  name?: string;
+  url?: string;
+  version?: string;
+}
+
+interface Resource {
+  name?: string;
+  type?: string;
+}

packages/kbn-logging/src/ecs/organization.ts

@@ -7,7 +7,7 @@
  */
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-organization.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-organization.html
  *
  * @internal
  */

packages/kbn-logging/src/ecs/os.ts

@@ -7,7 +7,7 @@
  */
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-os.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-os.html
  *
  * @internal
  */

packages/kbn-logging/src/ecs/package.ts

@@ -7,7 +7,7 @@
  */
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-package.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-package.html
  *
  * @internal
  */

packages/kbn-logging/src/ecs/pe.ts

@@ -7,7 +7,7 @@
  */
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-pe.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-pe.html
  *
  * @internal
  */

packages/kbn-logging/src/ecs/process.ts

@@ -7,18 +7,21 @@
  */
 
 import { EcsCodeSignature } from './code_signature';
+import { EcsElf } from './elf';
 import { EcsHash } from './hash';
 import { EcsPe } from './pe';
 
 interface NestedFields {
   code_signature?: EcsCodeSignature;
+  elf?: EcsElf;
   hash?: EcsHash;
   parent?: EcsProcess;
   pe?: EcsPe;
+  target?: EcsProcess;
 }
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-process.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-process.html
  *
  * @internal
  */
@@ -26,6 +29,7 @@ export interface EcsProcess extends NestedFields {
   args?: string[];
   args_count?: number;
   command_line?: string;
+  end?: string;
   entity_id?: string;
   executable?: string;
   exit_code?: number;
@@ -34,7 +38,6 @@ export interface EcsProcess extends NestedFields {
   pid?: number;
   ppid?: number;
   start?: string;
-  thread?: { id?: number; name?: string };
   title?: string;
   uptime?: number;
   working_directory?: string;

packages/kbn-logging/src/ecs/registry.ts

@@ -7,7 +7,7 @@
  */
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-registry.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-registry.html
  *
  * @internal
  */

packages/kbn-logging/src/ecs/related.ts

@@ -7,7 +7,7 @@
  */
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-related.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-related.html
  *
  * @internal
  */

packages/kbn-logging/src/ecs/rule.ts

@@ -7,7 +7,7 @@
  */
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-rule.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-rule.html
  *
  * @internal
  */

packages/kbn-logging/src/ecs/server.ts

@@ -17,7 +17,7 @@ interface NestedFields {
 }
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-server.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-server.html
  *
  * @internal
  */

packages/kbn-logging/src/ecs/service.ts

@@ -7,11 +7,13 @@
  */
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-service.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-service.html
  *
  * @internal
  */
 export interface EcsService {
+  address?: string;
+  environment?: string;
   ephemeral_id?: string;
   id?: string;
   name?: string;

packages/kbn-logging/src/ecs/source.ts

@@ -17,7 +17,7 @@ interface NestedFields {
 }
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-source.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-source.html
  *
  * @internal
  */

packages/kbn-logging/src/ecs/threat.ts

@@ -6,17 +6,82 @@
  * Side Public License, v 1.
  */
 
+import { EcsAutonomousSystem } from './autonomous_system';
+import { EcsFile } from './file';
+import { EcsGeo } from './geo';
+import { EcsRegistry } from './registry';
+import { EcsUrl } from './url';
+import { EcsX509 } from './x509';
+
+interface IndicatorNestedFields {
+  as?: EcsAutonomousSystem;
+  file?: EcsFile;
+  geo?: EcsGeo;
+  registry?: EcsRegistry;
+  url?: EcsUrl;
+  x509?: EcsX509;
+}
+
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-threat.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-threat.html
  *
  * @internal
  */
 export interface EcsThreat {
+  enrichments?: Enrichment[];
+  indicator?: Indicator;
   framework?: string;
+  group?: Group;
+  software?: Software;
   tactic?: Tactic;
   technique?: Technique;
 }
 
+interface Enrichment {
+  indicator?: Indicator;
+  matched?: Matched;
+}
+
+interface Indicator extends IndicatorNestedFields {
+  confidence?: string;
+  description?: string;
+  email?: { address?: string };
+  first_seen?: string;
+  ip?: string;
+  last_seen?: string;
+  marking?: { tlp?: string };
+  modified_at?: string;
+  port?: number;
+  provider?: string;
+  reference?: string;
+  scanner_stats?: number;
+  sightings?: number;
+  type?: string;
+}
+
+interface Matched {
+  atomic?: string;
+  field?: string;
+  id?: string;
+  index?: string;
+  type?: string;
+}
+
+interface Group {
+  alias?: string[];
+  id?: string;
+  name?: string;
+  reference?: string;
+}
+
+interface Software {
+  id?: string;
+  name?: string;
+  platforms?: string[];
+  reference?: string;
+  type?: string;
+}
+
 interface Tactic {
   id?: string[];
   name?: string[];

packages/kbn-logging/src/ecs/tls.ts

@@ -17,7 +17,7 @@ interface NestedServerFields {
 }
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-tls.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-tls.html
  *
  * @internal
  */

packages/kbn-logging/src/ecs/tracing.ts

@@ -12,7 +12,7 @@
  * the base fields, we will need to do an intersection with these types at
  * the root level.
  *
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-tracing.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-tracing.html
  *
  * @internal
  */

packages/kbn-logging/src/ecs/url.ts

@@ -7,7 +7,7 @@
  */
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-url.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-url.html
  *
  * @internal
  */

packages/kbn-logging/src/ecs/user.ts

@@ -20,7 +20,7 @@ interface NestedFields {
  * placed at the root level, but not if it is nested inside another field like
  * `destination`. A more detailed explanation of these nuances can be found at:
  *
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-user-usage.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-user-usage.html
  *
  * As a result, we need to export a separate `NestedUser` type to import into
  * other interfaces internally. This contains the reusable subset of properties

packages/kbn-logging/src/ecs/user_agent.ts

@@ -13,7 +13,7 @@ interface NestedFields {
 }
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-user_agent.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-user_agent.html
  *
  * @internal
  */

packages/kbn-logging/src/ecs/vlan.ts

@@ -7,7 +7,7 @@
  */
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-vlan.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-vlan.html
  *
  * @internal
  */

packages/kbn-logging/src/ecs/vulnerability.ts

@@ -7,7 +7,7 @@
  */
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-vulnerability.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-vulnerability.html
  *
  * @internal
  */

packages/kbn-logging/src/ecs/x509.ts

@@ -7,7 +7,7 @@
  */
 
 /**
- * https://www.elastic.co/guide/en/ecs/1.9/ecs-x509.html
+ * https://www.elastic.co/guide/en/ecs/1.12/ecs-x509.html
  *
  * @internal
  */

src/core/server/logging/__snapshots__/logging_system.test.ts.snap

@@ -16,7 +16,7 @@ exports[`asLoggerFactory() only allows to create new loggers. 1`] = `
 Object {
   "@timestamp": "2012-01-30T22:33:22.011-05:00",
   "ecs": Object {
-    "version": "1.9.0",
+    "version": "1.12.0",
   },
   "log": Object {
     "level": "TRACE",
@@ -33,7 +33,7 @@ exports[`asLoggerFactory() only allows to create new loggers. 2`] = `
 Object {
   "@timestamp": "2012-01-30T17:33:22.011-05:00",
   "ecs": Object {
-    "version": "1.9.0",
+    "version": "1.12.0",
   },
   "log": Object {
     "level": "INFO",
@@ -51,7 +51,7 @@ exports[`asLoggerFactory() only allows to create new loggers. 3`] = `
 Object {
   "@timestamp": "2012-01-30T12:33:22.011-05:00",
   "ecs": Object {
-    "version": "1.9.0",
+    "version": "1.12.0",
   },
   "log": Object {
     "level": "FATAL",
@@ -68,7 +68,7 @@ exports[`flushes memory buffer logger and switches to real logger once config is
 Object {
   "@timestamp": "2012-02-01T09:33:22.011-05:00",
   "ecs": Object {
-    "version": "1.9.0",
+    "version": "1.12.0",
   },
   "log": Object {
     "level": "INFO",
@@ -86,7 +86,7 @@ exports[`flushes memory buffer logger and switches to real logger once config is
 Object {
   "@timestamp": "2012-01-31T23:33:22.011-05:00",
   "ecs": Object {
-    "version": "1.9.0",
+    "version": "1.12.0",
   },
   "log": Object {
     "level": "INFO",

src/core/server/logging/layouts/__snapshots__/json_layout.test.ts.snap

@@ -1,13 +1,13 @@
 // Jest Snapshot v1, https://goo.gl/fbAQLP
 
-exports[`\`format()\` correctly formats record. 1`] = `"{\\"ecs\\":{\\"version\\":\\"1.9.0\\"},\\"@timestamp\\":\\"2012-02-01T09:30:22.011-05:00\\",\\"message\\":\\"message-1\\",\\"error\\":{\\"message\\":\\"Some error message\\",\\"type\\":\\"Some error name\\",\\"stack_trace\\":\\"Some error stack\\"},\\"log\\":{\\"level\\":\\"FATAL\\",\\"logger\\":\\"context-1\\"},\\"process\\":{\\"pid\\":5355}}"`;
+exports[`\`format()\` correctly formats record. 1`] = `"{\\"ecs\\":{\\"version\\":\\"1.12.0\\"},\\"@timestamp\\":\\"2012-02-01T09:30:22.011-05:00\\",\\"message\\":\\"message-1\\",\\"error\\":{\\"message\\":\\"Some error message\\",\\"type\\":\\"Some error name\\",\\"stack_trace\\":\\"Some error stack\\"},\\"log\\":{\\"level\\":\\"FATAL\\",\\"logger\\":\\"context-1\\"},\\"process\\":{\\"pid\\":5355}}"`;
 
-exports[`\`format()\` correctly formats record. 2`] = `"{\\"ecs\\":{\\"version\\":\\"1.9.0\\"},\\"@timestamp\\":\\"2012-02-01T09:30:22.011-05:00\\",\\"message\\":\\"message-2\\",\\"log\\":{\\"level\\":\\"ERROR\\",\\"logger\\":\\"context-2\\"},\\"process\\":{\\"pid\\":5355}}"`;
+exports[`\`format()\` correctly formats record. 2`] = `"{\\"ecs\\":{\\"version\\":\\"1.12.0\\"},\\"@timestamp\\":\\"2012-02-01T09:30:22.011-05:00\\",\\"message\\":\\"message-2\\",\\"log\\":{\\"level\\":\\"ERROR\\",\\"logger\\":\\"context-2\\"},\\"process\\":{\\"pid\\":5355}}"`;
 
-exports[`\`format()\` correctly formats record. 3`] = `"{\\"ecs\\":{\\"version\\":\\"1.9.0\\"},\\"@timestamp\\":\\"2012-02-01T09:30:22.011-05:00\\",\\"message\\":\\"message-3\\",\\"log\\":{\\"level\\":\\"WARN\\",\\"logger\\":\\"context-3\\"},\\"process\\":{\\"pid\\":5355}}"`;
+exports[`\`format()\` correctly formats record. 3`] = `"{\\"ecs\\":{\\"version\\":\\"1.12.0\\"},\\"@timestamp\\":\\"2012-02-01T09:30:22.011-05:00\\",\\"message\\":\\"message-3\\",\\"log\\":{\\"level\\":\\"WARN\\",\\"logger\\":\\"context-3\\"},\\"process\\":{\\"pid\\":5355}}"`;
 
-exports[`\`format()\` correctly formats record. 4`] = `"{\\"ecs\\":{\\"version\\":\\"1.9.0\\"},\\"@timestamp\\":\\"2012-02-01T09:30:22.011-05:00\\",\\"message\\":\\"message-4\\",\\"log\\":{\\"level\\":\\"DEBUG\\",\\"logger\\":\\"context-4\\"},\\"process\\":{\\"pid\\":5355}}"`;
+exports[`\`format()\` correctly formats record. 4`] = `"{\\"ecs\\":{\\"version\\":\\"1.12.0\\"},\\"@timestamp\\":\\"2012-02-01T09:30:22.011-05:00\\",\\"message\\":\\"message-4\\",\\"log\\":{\\"level\\":\\"DEBUG\\",\\"logger\\":\\"context-4\\"},\\"process\\":{\\"pid\\":5355}}"`;
 
-exports[`\`format()\` correctly formats record. 5`] = `"{\\"ecs\\":{\\"version\\":\\"1.9.0\\"},\\"@timestamp\\":\\"2012-02-01T09:30:22.011-05:00\\",\\"message\\":\\"message-5\\",\\"log\\":{\\"level\\":\\"INFO\\",\\"logger\\":\\"context-5\\"},\\"process\\":{\\"pid\\":5355}}"`;
+exports[`\`format()\` correctly formats record. 5`] = `"{\\"ecs\\":{\\"version\\":\\"1.12.0\\"},\\"@timestamp\\":\\"2012-02-01T09:30:22.011-05:00\\",\\"message\\":\\"message-5\\",\\"log\\":{\\"level\\":\\"INFO\\",\\"logger\\":\\"context-5\\"},\\"process\\":{\\"pid\\":5355}}"`;
 
-exports[`\`format()\` correctly formats record. 6`] = `"{\\"ecs\\":{\\"version\\":\\"1.9.0\\"},\\"@timestamp\\":\\"2012-02-01T09:30:22.011-05:00\\",\\"message\\":\\"message-6\\",\\"log\\":{\\"level\\":\\"TRACE\\",\\"logger\\":\\"context-6\\"},\\"process\\":{\\"pid\\":5355}}"`;
+exports[`\`format()\` correctly formats record. 6`] = `"{\\"ecs\\":{\\"version\\":\\"1.12.0\\"},\\"@timestamp\\":\\"2012-02-01T09:30:22.011-05:00\\",\\"message\\":\\"message-6\\",\\"log\\":{\\"level\\":\\"TRACE\\",\\"logger\\":\\"context-6\\"},\\"process\\":{\\"pid\\":5355}}"`;

src/core/server/logging/layouts/json_layout.test.ts

@@ -74,7 +74,7 @@ test('`format()` correctly formats record.', () => {
   }
 });
 
-test('`format()` correctly formats record with meta-data', () => {
+test('`format()` correctly formats record with meta-data and correct ECS version', () => {
   const layout = new JsonLayout();
 
   expect(
@@ -94,7 +94,7 @@ test('`format()` correctly formats record with meta-data', () => {
       })
     )
   ).toStrictEqual({
-    ecs: { version: '1.9.0' },
+    ecs: { version: '1.12.0' },
     '@timestamp': '2012-02-01T09:30:22.011-05:00',
     log: {
       level: 'DEBUG',
@@ -136,7 +136,7 @@ test('`format()` correctly formats error record with meta-data', () => {
       })
     )
   ).toStrictEqual({
-    ecs: { version: '1.9.0' },
+    ecs: { version: expect.any(String) },
     '@timestamp': '2012-02-01T09:30:22.011-05:00',
     log: {
       level: 'DEBUG',
@@ -176,7 +176,7 @@ test('format() meta can merge override logs', () => {
       })
     )
   ).toStrictEqual({
-    ecs: { version: '1.9.0' },
+    ecs: { version: expect.any(String) },
     '@timestamp': '2012-02-01T09:30:22.011-05:00',
     message: 'foo',
     log: {
@@ -206,7 +206,7 @@ test('format() meta can not override message', () => {
       })
     )
   ).toStrictEqual({
-    ecs: { version: '1.9.0' },
+    ecs: { version: expect.any(String) },
     '@timestamp': '2012-02-01T09:30:22.011-05:00',
     message: 'foo',
     log: {
@@ -235,7 +235,7 @@ test('format() meta can not override ecs version', () => {
       })
     )
   ).toStrictEqual({
-    ecs: { version: '1.9.0' },
+    ecs: { version: expect.any(String) },
     '@timestamp': '2012-02-01T09:30:22.011-05:00',
     message: 'foo',
     log: {
@@ -267,7 +267,7 @@ test('format() meta can not override logger or level', () => {
       })
     )
   ).toStrictEqual({
-    ecs: { version: '1.9.0' },
+    ecs: { version: expect.any(String) },
     '@timestamp': '2012-02-01T09:30:22.011-05:00',
     message: 'foo',
     log: {
@@ -296,7 +296,7 @@ test('format() meta can not override timestamp', () => {
       })
     )
   ).toStrictEqual({
-    ecs: { version: '1.9.0' },
+    ecs: { version: expect.any(String) },
     '@timestamp': '2012-02-01T09:30:22.011-05:00',
     message: 'foo',
     log: {

src/core/server/logging/layouts/json_layout.ts

@@ -43,7 +43,7 @@ export class JsonLayout implements Layout {
 
   public format(record: LogRecord): string {
     const log: Ecs = {
-      ecs: { version: '1.9.0' },
+      ecs: { version: '1.12.0' },
       '@timestamp': moment(record.timestamp).format('YYYY-MM-DDTHH:mm:ss.SSSZ'),
       message: record.message,
       error: JsonLayout.errorToSerializableObject(record.error),

x-pack/plugins/security/server/audit/audit_events.ts

@@ -10,7 +10,7 @@ import type { EcsEventOutcome, EcsEventType, KibanaRequest, LogMeta } from 'src/
 import type { AuthenticationResult } from '../authentication/authentication_result';
 
 /**
- * Audit event schema using ECS format: https://www.elastic.co/guide/en/ecs/1.9/index.html
+ * Audit event schema using ECS format: https://www.elastic.co/guide/en/ecs/1.12/index.html
  *
  * If you add additional fields to the schema ensure you update the Kibana Filebeat module:
  * https://github.com/elastic/beats/tree/master/filebeat/module/kibana