From 210000f9afb33455c9e85cc2828077a3a7be9e82 Mon Sep 17 00:00:00 2001 From: Gil Raphaelli Date: Mon, 21 Dec 2020 09:22:20 -0500 Subject: [PATCH 1/4] add http.request.id --- code/go/ecs/http.go | 3 +++ docs/field-details.asciidoc | 16 ++++++++++++++++ experimental/generated/beats/fields.ecs.yml | 7 +++++++ experimental/generated/csv/fields.csv | 1 + experimental/generated/ecs/ecs_flat.yml | 11 +++++++++++ experimental/generated/ecs/ecs_nested.yml | 11 +++++++++++ .../generated/elasticsearch/7/template.json | 4 ++++ .../generated/elasticsearch/component/http.json | 4 ++++ generated/beats/fields.ecs.yml | 7 +++++++ generated/csv/fields.csv | 1 + generated/ecs/ecs_flat.yml | 11 +++++++++++ generated/ecs/ecs_nested.yml | 11 +++++++++++ generated/elasticsearch/6/template.json | 4 ++++ generated/elasticsearch/7/template.json | 4 ++++ generated/elasticsearch/component/http.json | 4 ++++ schemas/http.yml | 9 +++++++++ 16 files changed, 108 insertions(+) diff --git a/code/go/ecs/http.go b/code/go/ecs/http.go index 9abb112274..cf9178cb8c 100644 --- a/code/go/ecs/http.go +++ b/code/go/ecs/http.go @@ -22,6 +22,9 @@ package ecs // Fields related to HTTP activity. Use the `url` field set to store the url of // the request. type Http struct { + // A unique identifier for each HTTP request. + RequestID string `ecs:"request.id"` + // HTTP request method. // Prior to ECS 1.6.0 the following guidance was provided: // "The field value must be normalized to lowercase for querying." diff --git a/docs/field-details.asciidoc b/docs/field-details.asciidoc index 73bc4467d3..06606d1342 100644 --- a/docs/field-details.asciidoc +++ b/docs/field-details.asciidoc 
@@ -3383,6 +3383,22 @@ example: `1437` // =============================================================== +| +[[field-http-request-id]] +<> + +| A unique identifier for each HTTP request. + +type: keyword + + + +example: `123e4567-e89b-12d3-a456-426614174000` + +| extended + +// =============================================================== + | [[field-http-request-method]] <> diff --git a/experimental/generated/beats/fields.ecs.yml b/experimental/generated/beats/fields.ecs.yml index 9dcae814d8..0d5153b5c4 100644 --- a/experimental/generated/beats/fields.ecs.yml +++ b/experimental/generated/beats/fields.ecs.yml @@ -2361,6 +2361,13 @@ format: bytes description: Total size in bytes of the request (body and headers). example: 1437 + - name: request.id + level: extended + type: keyword + ignore_above: 1024 + description: A unique identifier for each HTTP request. + example: 123e4567-e89b-12d3-a456-426614174000 + default_field: false - name: request.method level: extended type: keyword diff --git a/experimental/generated/csv/fields.csv b/experimental/generated/csv/fields.csv index 8f5a855131..e9c2149c56 100644 --- a/experimental/generated/csv/fields.csv +++ b/experimental/generated/csv/fields.csv 
@@ -278,6 +278,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 2.0.0-dev+exp,true,http,http.request.body.content,wildcard,extended,,Hello world,The full HTTP request body. 2.0.0-dev+exp,true,http,http.request.body.content.text,text,extended,,Hello world,The full HTTP request body. 2.0.0-dev+exp,true,http,http.request.bytes,long,extended,,1437,Total size in bytes of the request (body and headers). +2.0.0-dev+exp,true,http,http.request.id,keyword,extended,,123e4567-e89b-12d3-a456-426614174000,HTTP request ID. 2.0.0-dev+exp,true,http,http.request.method,keyword,extended,,"GET, POST, PUT, PoST",HTTP request method. 2.0.0-dev+exp,true,http,http.request.mime_type,keyword,extended,,image/gif,Mime type of the body of the request. 2.0.0-dev+exp,true,http,http.request.referrer,wildcard,extended,,https://blog.example.com/,Referrer for this HTTP request. diff --git a/experimental/generated/ecs/ecs_flat.yml b/experimental/generated/ecs/ecs_flat.yml index f98d8b95ce..a57644838d 100644 --- a/experimental/generated/ecs/ecs_flat.yml +++ b/experimental/generated/ecs/ecs_flat.yml @@ -3786,6 +3786,17 @@ http.request.bytes: normalize: [] short: Total size in bytes of the request (body and headers). type: long +http.request.id: + dashed_name: http-request-id + description: A unique identifier for each HTTP request. + example: 123e4567-e89b-12d3-a456-426614174000 + flat_name: http.request.id + ignore_above: 1024 + level: extended + name: request.id + normalize: [] + short: HTTP request ID. + type: keyword http.request.method: dashed_name: http-request-method description: 'HTTP request method. diff --git a/experimental/generated/ecs/ecs_nested.yml b/experimental/generated/ecs/ecs_nested.yml index 97acbc2459..1d1f8b8403 100644 --- a/experimental/generated/ecs/ecs_nested.yml +++ b/experimental/generated/ecs/ecs_nested.yml 
@@ -4479,6 +4479,17 @@ http: normalize: [] short: Total size in bytes of the request (body and headers). type: long + http.request.id: + dashed_name: http-request-id + description: A unique identifier for each HTTP request. + example: 123e4567-e89b-12d3-a456-426614174000 + flat_name: http.request.id + ignore_above: 1024 + level: extended + name: request.id + normalize: [] + short: HTTP request ID. + type: keyword http.request.method: dashed_name: http-request-method description: 'HTTP request method. diff --git a/experimental/generated/elasticsearch/7/template.json b/experimental/generated/elasticsearch/7/template.json index 9f786e040d..5da613cc5a 100644 --- a/experimental/generated/elasticsearch/7/template.json +++ b/experimental/generated/elasticsearch/7/template.json @@ -1283,6 +1283,10 @@ "bytes": { "type": "long" }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, "method": { "ignore_above": 1024, "type": "keyword" diff --git a/experimental/generated/elasticsearch/component/http.json b/experimental/generated/elasticsearch/component/http.json index 15b72d0d8a..cd089802e9 100644 --- a/experimental/generated/elasticsearch/component/http.json +++ b/experimental/generated/elasticsearch/component/http.json @@ -29,6 +29,10 @@ "bytes": { "type": "long" }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, "method": { "ignore_above": 1024, "type": "keyword" diff --git a/generated/beats/fields.ecs.yml b/generated/beats/fields.ecs.yml index feb8523285..79025cdb69 100644 --- a/generated/beats/fields.ecs.yml +++ b/generated/beats/fields.ecs.yml @@ -2315,6 +2315,13 @@ format: bytes description: Total size in bytes of the request (body and headers). example: 1437 + - name: request.id + level: extended + type: keyword + ignore_above: 1024 + description: A unique identifier for each HTTP request. + example: 123e4567-e89b-12d3-a456-426614174000 + default_field: false - name: request.method level: extended type: keyword 
diff --git a/generated/csv/fields.csv b/generated/csv/fields.csv index 29496114d8..e628b51f27 100644 --- a/generated/csv/fields.csv +++ b/generated/csv/fields.csv @@ -271,6 +271,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 2.0.0-dev,true,http,http.request.body.content,wildcard,extended,,Hello world,The full HTTP request body. 2.0.0-dev,true,http,http.request.body.content.text,text,extended,,Hello world,The full HTTP request body. 2.0.0-dev,true,http,http.request.bytes,long,extended,,1437,Total size in bytes of the request (body and headers). +2.0.0-dev,true,http,http.request.id,keyword,extended,,123e4567-e89b-12d3-a456-426614174000,HTTP request ID. 2.0.0-dev,true,http,http.request.method,keyword,extended,,"GET, POST, PUT, PoST",HTTP request method. 2.0.0-dev,true,http,http.request.mime_type,keyword,extended,,image/gif,Mime type of the body of the request. 2.0.0-dev,true,http,http.request.referrer,wildcard,extended,,https://blog.example.com/,Referrer for this HTTP request. diff --git a/generated/ecs/ecs_flat.yml b/generated/ecs/ecs_flat.yml index 7e7347eba8..a804bb8641 100644 --- a/generated/ecs/ecs_flat.yml +++ b/generated/ecs/ecs_flat.yml @@ -3712,6 +3712,17 @@ http.request.bytes: normalize: [] short: Total size in bytes of the request (body and headers). type: long +http.request.id: + dashed_name: http-request-id + description: A unique identifier for each HTTP request. + example: 123e4567-e89b-12d3-a456-426614174000 + flat_name: http.request.id + ignore_above: 1024 + level: extended + name: request.id + normalize: [] + short: HTTP request ID. + type: keyword http.request.method: dashed_name: http-request-method description: 'HTTP request method. diff --git a/generated/ecs/ecs_nested.yml b/generated/ecs/ecs_nested.yml index 47cd8526ef..6a053846c8 100644 --- a/generated/ecs/ecs_nested.yml +++ b/generated/ecs/ecs_nested.yml 
@@ -4405,6 +4405,17 @@ http: normalize: [] short: Total size in bytes of the request (body and headers). type: long + http.request.id: + dashed_name: http-request-id + description: A unique identifier for each HTTP request. + example: 123e4567-e89b-12d3-a456-426614174000 + flat_name: http.request.id + ignore_above: 1024 + level: extended + name: request.id + normalize: [] + short: HTTP request ID. + type: keyword http.request.method: dashed_name: http-request-method description: 'HTTP request method. diff --git a/generated/elasticsearch/6/template.json b/generated/elasticsearch/6/template.json index 964e7a8a81..6ae683dd98 100644 --- a/generated/elasticsearch/6/template.json +++ b/generated/elasticsearch/6/template.json @@ -1270,6 +1270,10 @@ "bytes": { "type": "long" }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, "method": { "ignore_above": 1024, "type": "keyword" diff --git a/generated/elasticsearch/7/template.json b/generated/elasticsearch/7/template.json index 00ffcd09db..69350e5ea6 100644 --- a/generated/elasticsearch/7/template.json +++ b/generated/elasticsearch/7/template.json @@ -1233,6 +1233,10 @@ "bytes": { "type": "long" }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, "method": { "ignore_above": 1024, "type": "keyword" diff --git a/generated/elasticsearch/component/http.json b/generated/elasticsearch/component/http.json index 21dbb95038..c43b8cb321 100644 --- a/generated/elasticsearch/component/http.json +++ b/generated/elasticsearch/component/http.json @@ -29,6 +29,10 @@ "bytes": { "type": "long" }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, "method": { "ignore_above": 1024, "type": "keyword" diff --git a/schemas/http.yml b/schemas/http.yml index f0ee23c53a..fbdd005ff9 100644 --- a/schemas/http.yml +++ b/schemas/http.yml 
@@ -8,6 +8,15 @@ type: group fields: + - name: request.id + level: extended + type: keyword + short: HTTP request ID. + description: > + A unique identifier for each HTTP request. + + example: 123e4567-e89b-12d3-a456-426614174000 + - name: request.method level: extended type: keyword From bd3ff15e34012c869a150664dd9ffce6236403e4 Mon Sep 17 00:00:00 2001 From: Gil Raphaelli Date: Mon, 21 Dec 2020 09:50:11 -0500 Subject: [PATCH 2/4] update changelog --- CHANGELOG.next.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.next.md b/CHANGELOG.next.md index 39d6bcc56c..446cefcde0 100644 --- a/CHANGELOG.next.md +++ b/CHANGELOG.next.md @@ -17,6 +17,8 @@ Thanks, you're awesome :-) --> #### Added +* Added `http.request.id`. #1208 + #### Improvements #### Deprecated From 89665d31276a10271628aaf25433bce253842152 Mon Sep 17 00:00:00 2001 From: Gil Raphaelli Date: Mon, 4 Jan 2021 17:06:00 -0500 Subject: [PATCH 3/4] expand http.request.id description Co-authored-by: Eric Beahan --- schemas/http.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/schemas/http.yml b/schemas/http.yml index fbdd005ff9..75475199b4 100644 --- a/schemas/http.yml +++ b/schemas/http.yml @@ -13,7 +13,11 @@ type: keyword short: HTTP request ID. description: > - A unique identifier for each HTTP request. + A unique identifier for each HTTP request to correlate logs between clients + and servers in transactions. + + The id may be contained in a non-standard HTTP header, such as `X-Request-ID` + or `X-Correlation-ID`. example: 123e4567-e89b-12d3-a456-426614174000 From d9936fc803e678b92966d5cc3c193b19920150b4 Mon Sep 17 00:00:00 2001 
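Review bot: The expanded `request.id` description in the PATCH 3/4 hunk of schemas/http.yml calls the value "a unique identifier" and then names `X-Request-ID` and `X-Correlation-ID` as sources, but those headers are set by the sender, so a value received from an external client is neither guaranteed unique nor trustworthy. Anyone using this field to correlate or reconstruct events needs that caveat in the description, for example by appending `The value is frequently client-supplied; treat it as untrusted input and do not rely on it being unique.` The generated mappings in this series give the field `ignore_above: 1024`, so it is also worth one sentence saying that longer values are not indexed and cannot be found by a search on this field. The added wording would reach the generated files in PATCH 4/4 on the next regeneration.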
From: Gil Raphaelli Date: Mon, 4 Jan 2021 17:07:28 -0500 Subject: [PATCH 4/4] regenerate with updated descriptions --- code/go/ecs/http.go | 5 ++++- docs/field-details.asciidoc | 4 +++- experimental/generated/beats/fields.ecs.yml | 6 +++++- experimental/generated/ecs/ecs_flat.yml | 6 +++++- experimental/generated/ecs/ecs_nested.yml | 6 +++++- generated/beats/fields.ecs.yml | 6 +++++- generated/ecs/ecs_flat.yml | 6 +++++- generated/ecs/ecs_nested.yml | 6 +++++- 8 files changed, 37 insertions(+), 8 deletions(-) diff --git a/code/go/ecs/http.go b/code/go/ecs/http.go index cf9178cb8c..278b28378a 100644 --- a/code/go/ecs/http.go +++ b/code/go/ecs/http.go @@ -22,7 +22,10 @@ package ecs // Fields related to HTTP activity. Use the `url` field set to store the url of // the request. type Http struct { - // A unique identifier for each HTTP request. + // A unique identifier for each HTTP request to correlate logs between + // clients and servers in transactions. + // The id may be contained in a non-standard HTTP header, such as + // `X-Request-ID` or `X-Correlation-ID`. RequestID string `ecs:"request.id"` // HTTP request method. diff --git a/docs/field-details.asciidoc b/docs/field-details.asciidoc index 06606d1342..1c24738341 100644 --- a/docs/field-details.asciidoc +++ b/docs/field-details.asciidoc @@ -3387,7 +3387,9 @@ example: `1437` [[field-http-request-id]] <> -| A unique identifier for each HTTP request. +| A unique identifier for each HTTP request to correlate logs between clients and servers in transactions. + +The id may be contained in a non-standard HTTP header, such as `X-Request-ID` or `X-Correlation-ID`. type: keyword diff --git a/experimental/generated/beats/fields.ecs.yml b/experimental/generated/beats/fields.ecs.yml index 0d5153b5c4..4e4122d8a5 100644 --- a/experimental/generated/beats/fields.ecs.yml +++ b/experimental/generated/beats/fields.ecs.yml 
@@ -2365,7 +2365,11 @@ level: extended type: keyword ignore_above: 1024 - description: A unique identifier for each HTTP request. + description: 'A unique identifier for each HTTP request to correlate logs between + clients and servers in transactions. + + The id may be contained in a non-standard HTTP header, such as `X-Request-ID` + or `X-Correlation-ID`.' example: 123e4567-e89b-12d3-a456-426614174000 default_field: false - name: request.method diff --git a/experimental/generated/ecs/ecs_flat.yml b/experimental/generated/ecs/ecs_flat.yml index a57644838d..6b12527518 100644 --- a/experimental/generated/ecs/ecs_flat.yml +++ b/experimental/generated/ecs/ecs_flat.yml @@ -3788,7 +3788,11 @@ http.request.bytes: type: long http.request.id: dashed_name: http-request-id - description: A unique identifier for each HTTP request. + description: 'A unique identifier for each HTTP request to correlate logs between + clients and servers in transactions. + + The id may be contained in a non-standard HTTP header, such as `X-Request-ID` + or `X-Correlation-ID`.' example: 123e4567-e89b-12d3-a456-426614174000 flat_name: http.request.id ignore_above: 1024 diff --git a/experimental/generated/ecs/ecs_nested.yml b/experimental/generated/ecs/ecs_nested.yml index 1d1f8b8403..ce8a111bec 100644 --- a/experimental/generated/ecs/ecs_nested.yml +++ b/experimental/generated/ecs/ecs_nested.yml @@ -4481,7 +4481,11 @@ http: type: long http.request.id: dashed_name: http-request-id - description: A unique identifier for each HTTP request. + description: 'A unique identifier for each HTTP request to correlate logs between + clients and servers in transactions. + + The id may be contained in a non-standard HTTP header, such as `X-Request-ID` + or `X-Correlation-ID`.' example: 123e4567-e89b-12d3-a456-426614174000 flat_name: http.request.id ignore_above: 1024 diff --git a/generated/beats/fields.ecs.yml b/generated/beats/fields.ecs.yml index 79025cdb69..89e577fd23 100644 
--- a/generated/beats/fields.ecs.yml +++ b/generated/beats/fields.ecs.yml @@ -2319,7 +2319,11 @@ level: extended type: keyword ignore_above: 1024 - description: A unique identifier for each HTTP request. + description: 'A unique identifier for each HTTP request to correlate logs between + clients and servers in transactions. + + The id may be contained in a non-standard HTTP header, such as `X-Request-ID` + or `X-Correlation-ID`.' example: 123e4567-e89b-12d3-a456-426614174000 default_field: false - name: request.method diff --git a/generated/ecs/ecs_flat.yml b/generated/ecs/ecs_flat.yml index a804bb8641..eed7fb34ad 100644 --- a/generated/ecs/ecs_flat.yml +++ b/generated/ecs/ecs_flat.yml @@ -3714,7 +3714,11 @@ http.request.bytes: type: long http.request.id: dashed_name: http-request-id - description: A unique identifier for each HTTP request. + description: 'A unique identifier for each HTTP request to correlate logs between + clients and servers in transactions. + + The id may be contained in a non-standard HTTP header, such as `X-Request-ID` + or `X-Correlation-ID`.' example: 123e4567-e89b-12d3-a456-426614174000 flat_name: http.request.id ignore_above: 1024 diff --git a/generated/ecs/ecs_nested.yml b/generated/ecs/ecs_nested.yml index 6a053846c8..a78c8b1774 100644 --- a/generated/ecs/ecs_nested.yml +++ b/generated/ecs/ecs_nested.yml @@ -4407,7 +4407,11 @@ http: type: long http.request.id: dashed_name: http-request-id - description: A unique identifier for each HTTP request. + description: 'A unique identifier for each HTTP request to correlate logs between + clients and servers in transactions. + + The id may be contained in a non-standard HTTP header, such as `X-Request-ID` + or `X-Correlation-ID`.' example: 123e4567-e89b-12d3-a456-426614174000 flat_name: http.request.id ignore_above: 1024