elastic · fearful-symmetry · Jun 29, 2021 · Jun 24, 2021 · Jun 28, 2021 · Jun 28, 2021
diff --git a/packages/system/changelog.yml b/packages/system/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.13.6"
+ changes:
+ - description: Use event.dataset and event.module
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/1211
 - version: "0.13.5"
  changes:
  - description: Add support for Splunk authorization tokens

diff --git a/packages/system/data_stream/application/fields/base-fields.yml b/packages/system/data_stream/application/fields/base-fields.yml
@@ -10,3 +10,11 @@
 - name: '@timestamp'
  type: date
  description: Event timestamp.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: system
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset.
+ value: system.application
diff --git a/packages/system/data_stream/auth/fields/base-fields.yml b/packages/system/data_stream/auth/fields/base-fields.yml
@@ -1,6 +1,7 @@
 - name: data_stream.type
  type: constant_keyword
  description: Data stream type.
+ value: logs
 - name: data_stream.dataset
  type: constant_keyword
  description: Data stream dataset.
@@ -10,3 +11,11 @@
 - name: '@timestamp'
  type: date
  description: Event timestamp.
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset.
+ value: system.auth
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: system
diff --git a/packages/system/data_stream/core/fields/base-fields.yml b/packages/system/data_stream/core/fields/base-fields.yml
@@ -10,3 +10,11 @@
 - name: '@timestamp'
  type: date
  description: Event timestamp.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: system
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset.
+ value: system.core
diff --git a/packages/system/data_stream/cpu/fields/base-fields.yml b/packages/system/data_stream/cpu/fields/base-fields.yml
@@ -10,3 +10,11 @@
 - name: '@timestamp'
  type: date
  description: Event timestamp.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: system
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset.
+ value: system.cpu
diff --git a/packages/system/data_stream/diskio/fields/base-fields.yml b/packages/system/data_stream/diskio/fields/base-fields.yml
@@ -10,3 +10,11 @@
 - name: '@timestamp'
  type: date
  description: Event timestamp.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: system
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset.
+ value: system.diskio
diff --git a/packages/system/data_stream/filesystem/fields/base-fields.yml b/packages/system/data_stream/filesystem/fields/base-fields.yml
@@ -10,3 +10,11 @@
 - name: '@timestamp'
  type: date
  description: Event timestamp.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: system
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset.
+ value: system.filesystem
diff --git a/packages/system/data_stream/fsstat/fields/base-fields.yml b/packages/system/data_stream/fsstat/fields/base-fields.yml
@@ -10,3 +10,11 @@
 - name: '@timestamp'
  type: date
  description: Event timestamp.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: system
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset.
+ value: system.fsstat
diff --git a/packages/system/data_stream/load/fields/base-fields.yml b/packages/system/data_stream/load/fields/base-fields.yml
@@ -10,3 +10,11 @@
 - name: '@timestamp'
  type: date
  description: Event timestamp.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: system
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset.
+ value: system.load
diff --git a/packages/system/data_stream/memory/fields/base-fields.yml b/packages/system/data_stream/memory/fields/base-fields.yml
@@ -10,3 +10,11 @@
 - name: '@timestamp'
  type: date
  description: Event timestamp.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: system
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset.
+ value: system.memory
diff --git a/packages/system/data_stream/network/fields/base-fields.yml b/packages/system/data_stream/network/fields/base-fields.yml
@@ -10,3 +10,11 @@
 - name: '@timestamp'
  type: date
  description: Event timestamp.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: system
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset.
+ value: system.network
diff --git a/packages/system/data_stream/process/fields/base-fields.yml b/packages/system/data_stream/process/fields/base-fields.yml
@@ -10,3 +10,11 @@
 - name: '@timestamp'
  type: date
  description: Event timestamp.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: system
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset.
+ value: system.process
diff --git a/packages/system/data_stream/process_summary/fields/base-fields.yml b/packages/system/data_stream/process_summary/fields/base-fields.yml
@@ -10,3 +10,11 @@
 - name: '@timestamp'
  type: date
  description: Event timestamp.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: system
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset.
+ value: system.process.summary
diff --git a/packages/system/data_stream/security/fields/base-fields.yml b/packages/system/data_stream/security/fields/base-fields.yml
@@ -1,24 +1,24 @@
 - name: data_stream.type
  type: constant_keyword
  description: Data stream type.
+ value: logs
 - name: data_stream.dataset
  type: constant_keyword
  description: Data stream dataset name.
 - name: data_stream.namespace
  type: constant_keyword
  description: Data stream namespace.
-- name: dataset.type
- type: constant_keyword
- description: Dataset type.
-- name: dataset.name
- type: constant_keyword
- description: Dataset name.
-- name: dataset.namespace
- type: constant_keyword
- description: Dataset namespace.
 - name: '@timestamp'
  type: date
  description: Event timestamp.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: system
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset.
+ value: system.security
 - name: tags
  description: List of keywords used to tag each event.
  example: '["production", "env2"]'

diff --git a/packages/system/data_stream/socket_summary/fields/base-fields.yml b/packages/system/data_stream/socket_summary/fields/base-fields.yml
@@ -10,3 +10,11 @@
 - name: '@timestamp'
  type: date
  description: Event timestamp.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: system
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset.
+ value: system.socket_summary
diff --git a/packages/system/data_stream/syslog/fields/base-fields.yml b/packages/system/data_stream/syslog/fields/base-fields.yml
@@ -1,6 +1,7 @@
 - name: data_stream.type
  type: constant_keyword
  description: Data stream type.
+ value: logs
 - name: data_stream.dataset
  type: constant_keyword
  description: Data stream dataset.
@@ -10,3 +11,11 @@
 - name: '@timestamp'
  type: date
  description: Event timestamp.
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset.
+ value: system.syslog
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: system
diff --git a/packages/system/data_stream/system/fields/base-fields.yml b/packages/system/data_stream/system/fields/base-fields.yml
@@ -10,3 +10,11 @@
 - name: '@timestamp'
  type: date
  description: Event timestamp.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: system
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset.
+ value: system.system
diff --git a/packages/system/data_stream/uptime/fields/base-fields.yml b/packages/system/data_stream/uptime/fields/base-fields.yml
@@ -10,3 +10,11 @@
 - name: '@timestamp'
  type: date
  description: Event timestamp.
+- name: event.module
+ type: constant_keyword
+ description: Event module
+ value: system
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset.
+ value: system.uptime