Auto generate ECS fields (#141152)

* Auto generate ecs fields

* Update field limits

* Update ecs fields

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>

x-pack/plugins/rule_registry/common/assets/component_templates/ecs_component_template.ts

@@ -14,7 +14,7 @@ export const ecsComponentTemplate: ClusterPutComponentTemplateBody = {
   template: {
     settings: {
       number_of_shards: 1,
-      'index.mapping.total_fields.limit': 1500,
+      'index.mapping.total_fields.limit': 1700,
     },
     mappings: merge(
       {},

x-pack/plugins/rule_registry/common/assets/field_maps/ecs_field_map.ts

@@ -1480,6 +1480,11 @@ export const ecsFieldMap = {
     array: false,
     required: false,
   },
+  'host.boot.id': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
   'host.cpu.usage': {
     type: 'scaled_float',
     array: false,
@@ -1636,6 +1641,41 @@ export const ecsFieldMap = {
     array: false,
     required: false,
   },
+  'host.pid_ns_ino': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'host.risk.calculated_level': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'host.risk.calculated_score': {
+    type: 'float',
+    array: false,
+    required: false,
+  },
+  'host.risk.calculated_score_norm': {
+    type: 'float',
+    array: false,
+    required: false,
+  },
+  'host.risk.static_level': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'host.risk.static_score': {
+    type: 'float',
+    array: false,
+    required: false,
+  },
+  'host.risk.static_score_norm': {
+    type: 'float',
+    array: false,
+    required: false,
+  },
   'host.type': {
     type: 'keyword',
     array: false,
@@ -2071,6 +2111,11 @@ export const ecsFieldMap = {
     array: false,
     required: false,
   },
+  'orchestrator.cluster.id': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
   'orchestrator.cluster.name': {
     type: 'keyword',
     array: false,
@@ -2096,11 +2141,26 @@ export const ecsFieldMap = {
     array: false,
     required: false,
   },
+  'orchestrator.resource.id': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'orchestrator.resource.ip': {
+    type: 'ip',
+    array: true,
+    required: false,
+  },
   'orchestrator.resource.name': {
     type: 'keyword',
     array: false,
     required: false,
   },
+  'orchestrator.resource.parent.type': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
   'orchestrator.resource.type': {
     type: 'keyword',
     array: false,
@@ -5881,6 +5941,36 @@ export const ecsFieldMap = {
     array: false,
     required: false,
   },
+  'user.risk.calculated_level': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'user.risk.calculated_score': {
+    type: 'float',
+    array: false,
+    required: false,
+  },
+  'user.risk.calculated_score_norm': {
+    type: 'float',
+    array: false,
+    required: false,
+  },
+  'user.risk.static_level': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'user.risk.static_score': {
+    type: 'float',
+    array: false,
+    required: false,
+  },
+  'user.risk.static_score_norm': {
+    type: 'float',
+    array: false,
+    required: false,
+  },
   'user.roles': {
     type: 'keyword',
     array: true,

x-pack/plugins/rule_registry/server/rule_data_plugin_service/resource_installer.ts

@@ -351,7 +351,7 @@ export class ResourceInstaller {
               name: ilmPolicyName,
               rollover_alias: primaryNamespacedAlias,
             },
-            'index.mapping.total_fields.limit': 1700,
+            'index.mapping.total_fields.limit': 1900,
             auto_expand_replicas: '0-1',
           },
           mappings: {