-
Notifications
You must be signed in to change notification settings - Fork 419
/
orchestrator.yml
134 lines (120 loc) · 3.96 KB
/
orchestrator.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
# Licensed to Elasticsearch B.V. under one or more contributor
# license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright
# ownership. Elasticsearch B.V. licenses this file to you under
# the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
---
- name: orchestrator
title: Orchestrator
group: 2
short: Fields relevant to container orchestrators.
description: >
Fields that describe the resources which container orchestrators manage or
act upon.
type: group
fields:
- name: cluster.name
level: extended
type: keyword
description: >
Name of the cluster.
- name: cluster.id
level: extended
type: keyword
description: >
Unique ID of the cluster.
- name: cluster.url
level: extended
type: keyword
description: >
URL of the API used to manage the cluster.
- name: cluster.version
level: extended
type: keyword
description: >
The version of the cluster.
- name: type
level: extended
type: keyword
example: kubernetes
description: >
Orchestrator cluster type (e.g. kubernetes, nomad or cloudfoundry).
- name: organization
level: extended
type: keyword
example: elastic
description: >
Organization affected by the event (for multi-tenant orchestrator setups).
- name: namespace
level: extended
type: keyword
example: kube-system
description: >
Namespace in which the action is taking place.
- name: resource.annotation
level: extended
type: keyword
example: "['key1:value1', 'key2:value2', 'key3:value3']"
description: >
The list of annotations added to the resource.
normalize:
- array
- name: resource.label
level: extended
type: keyword
example: "['key1:value1', 'key2:value2', 'key3:value3']"
description: >
The list of labels added to the resource.
normalize:
- array
- name: resource.name
level: extended
type: keyword
example: test-pod-cdcws
description: >
Name of the resource being acted upon.
- name: resource.type
level: extended
type: keyword
example: service
description: >
Type of resource being acted upon.
- name: resource.parent.type
level: extended
type: keyword
example: DaemonSet
short: Type or kind of the parent resource associated with the event being observed.
description: >
Type or kind of the parent resource associated with the event being observed.
In Kubernetes, this will be the name of a built-in workload resource (e.g., Deployment, StatefulSet, DaemonSet).
- name: resource.ip
level: extended
type: ip
short: IP address assigned to the resource associated with the event being observed.
description: >
IP address assigned to the resource associated with the event being observed.
In the case of a Kubernetes Pod, this array would contain only one element: the IP of the Pod (as opposed to the Node on which the Pod is running).
normalize:
- array
- name: resource.id
level: extended
type: keyword
description: >
Unique ID of the resource being acted upon.
- name: api_version
level: extended
example: v1beta1
type: keyword
description: >
API version being used to carry out the action