From 043d144e4ae6406e7e9d66a384a8ac6a6e8b1bbc Mon Sep 17 00:00:00 2001 From: Gil Raphaelli Date: Tue, 5 Jan 2021 13:06:29 -0500 Subject: [PATCH] add http.request.id (#1208) Co-authored-by: Eric Beahan --- CHANGELOG.next.md | 2 ++ code/go/ecs/http.go | 6 ++++++ docs/field-details.asciidoc | 18 ++++++++++++++++++ experimental/generated/beats/fields.ecs.yml | 11 +++++++++++ experimental/generated/csv/fields.csv | 1 + experimental/generated/ecs/ecs_flat.yml | 15 +++++++++++++++ experimental/generated/ecs/ecs_nested.yml | 15 +++++++++++++++ .../generated/elasticsearch/7/template.json | 4 ++++ .../elasticsearch/component/http.json | 4 ++++ generated/beats/fields.ecs.yml | 11 +++++++++++ generated/csv/fields.csv | 1 + generated/ecs/ecs_flat.yml | 15 +++++++++++++++ generated/ecs/ecs_nested.yml | 15 +++++++++++++++ generated/elasticsearch/6/template.json | 4 ++++ generated/elasticsearch/7/template.json | 4 ++++ generated/elasticsearch/component/http.json | 4 ++++ schemas/http.yml | 13 +++++++++++++ 17 files changed, 143 insertions(+) diff --git a/CHANGELOG.next.md b/CHANGELOG.next.md index 39d6bcc56c..446cefcde0 100644 --- a/CHANGELOG.next.md +++ b/CHANGELOG.next.md @@ -17,6 +17,8 @@ Thanks, you're awesome :-) --> #### Added +* Added `http.request.id`. #1208 + #### Improvements #### Deprecated diff --git a/code/go/ecs/http.go b/code/go/ecs/http.go index 9abb112274..278b28378a 100644 --- a/code/go/ecs/http.go +++ b/code/go/ecs/http.go @@ -22,6 +22,12 @@ package ecs // Fields related to HTTP activity. Use the `url` field set to store the url of // the request. type Http struct { + // A unique identifier for each HTTP request to correlate logs between + // clients and servers in transactions. + // The id may be contained in a non-standard HTTP header, such as + // `X-Request-ID` or `X-Correlation-ID`. + RequestID string `ecs:"request.id"` + // HTTP request method. // Prior to ECS 1.6.0 the following guidance was provided: // "The field value must be normalized to lowercase for querying." diff --git a/docs/field-details.asciidoc b/docs/field-details.asciidoc index 73bc4467d3..1c24738341 100644 --- a/docs/field-details.asciidoc +++ b/docs/field-details.asciidoc @@ -3383,6 +3383,24 @@ example: `1437` // =============================================================== +| +[[field-http-request-id]] +<> + +| A unique identifier for each HTTP request to correlate logs between clients and servers in transactions. + +The id may be contained in a non-standard HTTP header, such as `X-Request-ID` or `X-Correlation-ID`. + +type: keyword + + + +example: `123e4567-e89b-12d3-a456-426614174000` + +| extended + +// =============================================================== + | [[field-http-request-method]] <> diff --git a/experimental/generated/beats/fields.ecs.yml b/experimental/generated/beats/fields.ecs.yml index 9dcae814d8..4e4122d8a5 100644 --- a/experimental/generated/beats/fields.ecs.yml +++ b/experimental/generated/beats/fields.ecs.yml @@ -2361,6 +2361,17 @@ format: bytes description: Total size in bytes of the request (body and headers). example: 1437 + - name: request.id + level: extended + type: keyword + ignore_above: 1024 + description: 'A unique identifier for each HTTP request to correlate logs between + clients and servers in transactions. + + The id may be contained in a non-standard HTTP header, such as `X-Request-ID` + or `X-Correlation-ID`.' + example: 123e4567-e89b-12d3-a456-426614174000 + default_field: false - name: request.method level: extended type: keyword diff --git a/experimental/generated/csv/fields.csv b/experimental/generated/csv/fields.csv index 8f5a855131..e9c2149c56 100644 --- a/experimental/generated/csv/fields.csv +++ b/experimental/generated/csv/fields.csv @@ -278,6 +278,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 2.0.0-dev+exp,true,http,http.request.body.content,wildcard,extended,,Hello world,The full HTTP request body. 2.0.0-dev+exp,true,http,http.request.body.content.text,text,extended,,Hello world,The full HTTP request body. 2.0.0-dev+exp,true,http,http.request.bytes,long,extended,,1437,Total size in bytes of the request (body and headers). +2.0.0-dev+exp,true,http,http.request.id,keyword,extended,,123e4567-e89b-12d3-a456-426614174000,HTTP request ID. 2.0.0-dev+exp,true,http,http.request.method,keyword,extended,,"GET, POST, PUT, PoST",HTTP request method. 2.0.0-dev+exp,true,http,http.request.mime_type,keyword,extended,,image/gif,Mime type of the body of the request. 2.0.0-dev+exp,true,http,http.request.referrer,wildcard,extended,,https://blog.example.com/,Referrer for this HTTP request. diff --git a/experimental/generated/ecs/ecs_flat.yml b/experimental/generated/ecs/ecs_flat.yml index f98d8b95ce..6b12527518 100644 --- a/experimental/generated/ecs/ecs_flat.yml +++ b/experimental/generated/ecs/ecs_flat.yml @@ -3786,6 +3786,21 @@ http.request.bytes: normalize: [] short: Total size in bytes of the request (body and headers). type: long +http.request.id: + dashed_name: http-request-id + description: 'A unique identifier for each HTTP request to correlate logs between + clients and servers in transactions. + + The id may be contained in a non-standard HTTP header, such as `X-Request-ID` + or `X-Correlation-ID`.' + example: 123e4567-e89b-12d3-a456-426614174000 + flat_name: http.request.id + ignore_above: 1024 + level: extended + name: request.id + normalize: [] + short: HTTP request ID. + type: keyword http.request.method: dashed_name: http-request-method description: 'HTTP request method. diff --git a/experimental/generated/ecs/ecs_nested.yml b/experimental/generated/ecs/ecs_nested.yml index 97acbc2459..ce8a111bec 100644 --- a/experimental/generated/ecs/ecs_nested.yml +++ b/experimental/generated/ecs/ecs_nested.yml @@ -4479,6 +4479,21 @@ http: normalize: [] short: Total size in bytes of the request (body and headers). type: long + http.request.id: + dashed_name: http-request-id + description: 'A unique identifier for each HTTP request to correlate logs between + clients and servers in transactions. + + The id may be contained in a non-standard HTTP header, such as `X-Request-ID` + or `X-Correlation-ID`.' + example: 123e4567-e89b-12d3-a456-426614174000 + flat_name: http.request.id + ignore_above: 1024 + level: extended + name: request.id + normalize: [] + short: HTTP request ID. + type: keyword http.request.method: dashed_name: http-request-method description: 'HTTP request method. diff --git a/experimental/generated/elasticsearch/7/template.json b/experimental/generated/elasticsearch/7/template.json index 9f786e040d..5da613cc5a 100644 --- a/experimental/generated/elasticsearch/7/template.json +++ b/experimental/generated/elasticsearch/7/template.json @@ -1283,6 +1283,10 @@ "bytes": { "type": "long" }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, "method": { "ignore_above": 1024, "type": "keyword" diff --git a/experimental/generated/elasticsearch/component/http.json b/experimental/generated/elasticsearch/component/http.json index 15b72d0d8a..cd089802e9 100644 --- a/experimental/generated/elasticsearch/component/http.json +++ b/experimental/generated/elasticsearch/component/http.json @@ -29,6 +29,10 @@ "bytes": { "type": "long" }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, "method": { "ignore_above": 1024, "type": "keyword" diff --git a/generated/beats/fields.ecs.yml b/generated/beats/fields.ecs.yml index feb8523285..89e577fd23 100644 --- a/generated/beats/fields.ecs.yml +++ b/generated/beats/fields.ecs.yml @@ -2315,6 +2315,17 @@ format: bytes description: Total size in bytes of the request (body and headers). example: 1437 + - name: request.id + level: extended + type: keyword + ignore_above: 1024 + description: 'A unique identifier for each HTTP request to correlate logs between + clients and servers in transactions. + + The id may be contained in a non-standard HTTP header, such as `X-Request-ID` + or `X-Correlation-ID`.' + example: 123e4567-e89b-12d3-a456-426614174000 + default_field: false - name: request.method level: extended type: keyword diff --git a/generated/csv/fields.csv b/generated/csv/fields.csv index 29496114d8..e628b51f27 100644 --- a/generated/csv/fields.csv +++ b/generated/csv/fields.csv @@ -271,6 +271,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 2.0.0-dev,true,http,http.request.body.content,wildcard,extended,,Hello world,The full HTTP request body. 2.0.0-dev,true,http,http.request.body.content.text,text,extended,,Hello world,The full HTTP request body. 2.0.0-dev,true,http,http.request.bytes,long,extended,,1437,Total size in bytes of the request (body and headers). +2.0.0-dev,true,http,http.request.id,keyword,extended,,123e4567-e89b-12d3-a456-426614174000,HTTP request ID. 2.0.0-dev,true,http,http.request.method,keyword,extended,,"GET, POST, PUT, PoST",HTTP request method. 2.0.0-dev,true,http,http.request.mime_type,keyword,extended,,image/gif,Mime type of the body of the request. 2.0.0-dev,true,http,http.request.referrer,wildcard,extended,,https://blog.example.com/,Referrer for this HTTP request. diff --git a/generated/ecs/ecs_flat.yml b/generated/ecs/ecs_flat.yml index 7e7347eba8..eed7fb34ad 100644 --- a/generated/ecs/ecs_flat.yml +++ b/generated/ecs/ecs_flat.yml @@ -3712,6 +3712,21 @@ http.request.bytes: normalize: [] short: Total size in bytes of the request (body and headers). type: long +http.request.id: + dashed_name: http-request-id + description: 'A unique identifier for each HTTP request to correlate logs between + clients and servers in transactions. + + The id may be contained in a non-standard HTTP header, such as `X-Request-ID` + or `X-Correlation-ID`.' + example: 123e4567-e89b-12d3-a456-426614174000 + flat_name: http.request.id + ignore_above: 1024 + level: extended + name: request.id + normalize: [] + short: HTTP request ID. + type: keyword http.request.method: dashed_name: http-request-method description: 'HTTP request method. diff --git a/generated/ecs/ecs_nested.yml b/generated/ecs/ecs_nested.yml index 47cd8526ef..a78c8b1774 100644 --- a/generated/ecs/ecs_nested.yml +++ b/generated/ecs/ecs_nested.yml @@ -4405,6 +4405,21 @@ http: normalize: [] short: Total size in bytes of the request (body and headers). type: long + http.request.id: + dashed_name: http-request-id + description: 'A unique identifier for each HTTP request to correlate logs between + clients and servers in transactions. + + The id may be contained in a non-standard HTTP header, such as `X-Request-ID` + or `X-Correlation-ID`.' + example: 123e4567-e89b-12d3-a456-426614174000 + flat_name: http.request.id + ignore_above: 1024 + level: extended + name: request.id + normalize: [] + short: HTTP request ID. + type: keyword http.request.method: dashed_name: http-request-method description: 'HTTP request method. diff --git a/generated/elasticsearch/6/template.json b/generated/elasticsearch/6/template.json index 964e7a8a81..6ae683dd98 100644 --- a/generated/elasticsearch/6/template.json +++ b/generated/elasticsearch/6/template.json @@ -1270,6 +1270,10 @@ "bytes": { "type": "long" }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, "method": { "ignore_above": 1024, "type": "keyword" diff --git a/generated/elasticsearch/7/template.json b/generated/elasticsearch/7/template.json index 00ffcd09db..69350e5ea6 100644 --- a/generated/elasticsearch/7/template.json +++ b/generated/elasticsearch/7/template.json @@ -1233,6 +1233,10 @@ "bytes": { "type": "long" }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, "method": { "ignore_above": 1024, "type": "keyword" diff --git a/generated/elasticsearch/component/http.json b/generated/elasticsearch/component/http.json index 21dbb95038..c43b8cb321 100644 --- a/generated/elasticsearch/component/http.json +++ b/generated/elasticsearch/component/http.json @@ -29,6 +29,10 @@ "bytes": { "type": "long" }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, "method": { "ignore_above": 1024, "type": "keyword" diff --git a/schemas/http.yml b/schemas/http.yml index f0ee23c53a..75475199b4 100644 --- a/schemas/http.yml +++ b/schemas/http.yml @@ -8,6 +8,19 @@ type: group fields: + - name: request.id + level: extended + type: keyword + short: HTTP request ID. + description: > + A unique identifier for each HTTP request to correlate logs between clients + and servers in transactions. + + The id may be contained in a non-standard HTTP header, such as `X-Request-ID` + or `X-Correlation-ID`. + + example: 123e4567-e89b-12d3-a456-426614174000 + - name: request.method level: extended type: keyword