netflow,netscout,netskope,o365,okta: remove duplicate fields (#4632)

Author: efd6

packages/netflow/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.3.1"
+ changes:
+ - description: Remove duplicate fields.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/4632
 - version: "2.3.0"
  changes:
  - description: Update package to ECS 8.5.0.

packages/netflow/data_stream/log/fields/agent.yml

@@ -20,25 +20,13 @@
  type: group
  fields:
  - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
+ external: ecs
  - name: image.name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the image the container was built on.
+ external: ecs
  - name: labels
- level: extended
- type: object
- object_type: keyword
- description: Image labels.
+ external: ecs
  - name: name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Container name.
+ external: ecs
 - name: host
  title: Host
  group: 2
@@ -57,30 +45,13 @@
  example: CONTOSO
  default_field: false
  - name: os.kernel
- level: extended
- type: keyword
- ignore_above: 1024
- description: Operating system kernel version as a raw string.
- example: 4.4.0-112-generic
+ external: ecs
  - name: os.platform
- level: extended
- type: keyword
- ignore_above: 1024
- description: Operating system platform (such centos, ubuntu, windows).
- example: darwin
+ external: ecs
  - name: os.version
- level: extended
- type: keyword
- ignore_above: 1024
- description: Operating system version as a raw string.
- example: 10.14.1
+ external: ecs
  - name: type
- level: core
- type: keyword
- ignore_above: 1024
- description: 'Type of host.
-
- For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment.'
+ external: ecs
  - name: containerized
  type: boolean
  description: >

packages/netflow/data_stream/log/fields/ecs.yml

@@ -88,16 +88,8 @@
  name: cloud.provider
 - external: ecs
  name: cloud.region
-- external: ecs
- name: container.id
-- external: ecs
- name: container.image.name
 - external: ecs
  name: container.image.tag
-- external: ecs
- name: container.labels
-- external: ecs
- name: container.name
 - external: ecs
  name: container.runtime
 - external: ecs
@@ -354,16 +346,8 @@
  name: host.os.family
 - external: ecs
  name: host.os.full
-- external: ecs
- name: host.os.kernel
 - external: ecs
  name: host.os.name
-- external: ecs
- name: host.os.platform
-- external: ecs
- name: host.os.version
-- external: ecs
- name: host.type
 - external: ecs
  name: host.uptime
 - external: ecs

packages/netflow/manifest.yml

@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: netflow
 title: NetFlow Records
-version: "2.3.0"
+version: "2.3.1"
 license: basic
 description: Collect flow records from NetFlow and IPFIX exporters with Elastic Agent.
 type: integration

packages/netscout/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.11.1"
+ changes:
+ - description: Remove duplicate fields.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/4632
 - version: "0.11.0"
  changes:
  - description: Update package to ECS 8.5.0.

packages/netscout/data_stream/sightline/fields/base-fields.yml

@@ -15,9 +15,6 @@
  type: constant_keyword
  description: Event dataset
  value: netscout.sightline
-- name: '@timestamp'
- type: date
- description: Event timestamp.
 - name: container.id
  description: Unique container id.
  ignore_above: 1024

packages/netscout/data_stream/sightline/fields/ecs.yml

@@ -202,8 +202,6 @@
  name: source.subdomain
 - external: ecs
  name: source.top_level_domain
-- external: ecs
- name: tags
 - external: ecs
  name: url.domain
 - external: ecs

packages/netscout/manifest.yml

@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: netscout
 title: Arbor Peakflow SP Logs
-version: "0.11.0"
+version: "0.11.1"
 description: Collect and parse logs from Netscout Arbor Peakflow SP with Elastic Agent.
 categories: ["security"]
 release: experimental

packages/netskope/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.4.1"
+ changes:
+ - description: Remove duplicate fields.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/4632
 - version: "1.4.0"
  changes:
  - description: Update package to ECS 8.5.0.

packages/netskope/data_stream/alerts/fields/agent.yml

@@ -6,13 +6,7 @@
  type: group
  fields:
  - name: account.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment.
-
- Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.'
- example: 666777888999
+ external: ecs
  - name: availability_zone
  level: extended
  type: keyword
@@ -43,11 +37,7 @@
  description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
  example: aws
  - name: region
- level: extended
- type: keyword
- ignore_above: 1024
- description: Region in which this host is running.
- example: us-east-1
+ external: ecs
  - name: project.id
  type: keyword
  description: Name of the project in Google Cloud.
@@ -106,12 +96,7 @@
  example: CONTOSO
  default_field: false
  - name: hostname
- level: core
- type: keyword
- ignore_above: 1024
- description: 'Hostname of the host.
-
- It normally contains what the `hostname` command returns on the host machine.'
+ external: ecs
  - name: id
  level: core
  type: keyword
@@ -150,16 +135,7 @@
  description: Operating system kernel version as a raw string.
  example: 4.4.0-112-generic
  - name: os.name
- level: extended
- type: keyword
- ignore_above: 1024
- multi_fields:
- - name: text
- type: text
- norms: false
- default_field: false
- description: Operating system name, without the version.
- example: Mac OS X
+ external: ecs
  - name: os.platform
  level: extended
  type: keyword