[Hashicorp Vault] Added dimensions mapping and added missing label fields to metrics datastream

packages/hashicorp_vault/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: 1.20.0
+  changes:
+    - description: Add dimension mapping to metrics datastream
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/8232
 - version: "1.19.0"
   changes:
     - description: Improve 'event.original' check to avoid errors if set.

packages/hashicorp_vault/data_stream/metrics/fields/ecs.yml

@@ -8,3 +8,30 @@
   external: ecs
 - name: service.type
   external: ecs
+- name: service.address
+  dimension: true
+  external: ecs
+- name: agent.id
+  dimension: true
+  external: ecs
+- name: cloud.account.id
+  dimension: true
+  external: ecs
+- name: cloud.region
+  dimension: true
+  external: ecs
+- name: cloud.availability_zone
+  dimension: true
+  external: ecs
+- name: cloud.instance.id
+  dimension: true
+  external: ecs
+- name: cloud.provider
+  dimension: true
+  external: ecs
+- name: container.id
+  dimension: true
+  external: ecs
+- name: host.name
+  dimension: true
+  external: ecs

packages/hashicorp_vault/data_stream/metrics/fields/fields.yml

@@ -22,42 +22,65 @@
   fields:
     - name: auth_method
       type: keyword
+      dimension: true
       description: Authorization engine type.
     - name: cluster
       type: keyword
+      dimension: true
       description: >
         The cluster name from which the metric originated; set in the configuration file, or automatically generated when a cluster is created.
-
     - name: creation_ttl
       type: keyword
+      dimension: true
       description: >
         Time-to-live value assigned to a token or lease at creation. This value is rounded up to the next-highest bucket; the available buckets are 1m, 10m, 20m, 1h, 2h, 1d, 2d, 7d, and 30d. Any longer TTL is assigned the value +Inf.
 
     - name: host
       type: keyword
+      dimension: true
     - name: instance
       type: keyword
+      dimension: true
     - name: job
       type: keyword
+      dimension: true
     - name: local
       type: keyword
+      dimension: true
     - name: mount_point
       type: keyword
+      dimension: true
       description: Path at which an auth method or secret engine is mounted.
     - name: namespace
       type: keyword
+      dimension: true
       description: A namespace path, or root for the root namespace
     - name: quantile
       type: keyword
+      dimension: true
     - name: queue_id
       type: keyword
+      dimension: true
     - name: term
       type: keyword
+      dimension: true
     - name: token_type
       type: keyword
+      dimension: true
       description: Identifies whether the token is a batch token or a service token.
       example: service
     - name: type
       type: keyword
+      dimension: true
     - name: version
       type: keyword
+      dimension: true
+    - name: gauge
+      type: keyword
+      dimension: true
+    - name: policy
+      type: keyword
+      dimension: true
+    - name: expiring
+      type: keyword
+      dimension: true

packages/hashicorp_vault/data_stream/metrics/manifest.yml

@@ -48,3 +48,11 @@ streams:
           #    -----BEGIN CERTIFICATE-----
           #    MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF
           #    -----END CERTIFICATE-----
+
+elasticsearch:
+  index_template:
+    settings:
+      index:
+        mapping:
+          dimension_fields:
+            limit: 32

packages/hashicorp_vault/docs/README.md

@@ -441,6 +441,13 @@ telemetry {
 | Field | Description | Type | Metric Type |
 |---|---|---|---|
 | @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date |  |
+| agent.id | Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id. | keyword |  |
+| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword |  |
+| cloud.availability_zone | Availability zone in which this host, resource, or service is located. | keyword |  |
+| cloud.instance.id | Instance ID of the host machine. | keyword |  |
+| cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword |  |
+| cloud.region | Region in which this host, resource, or service is located. | keyword |  |
+| container.id | Unique container id. | keyword |  |
 | data_stream.dataset | The field can contain anything that makes sense to signify the source of the data. Examples include `nginx.access`, `prometheus`, `endpoint` etc. For data streams that otherwise fit, but that do not have dataset set we use the value "generic" for the dataset value. `event.dataset` should have the same value as `data_stream.dataset`. Beyond the Elasticsearch data stream naming criteria noted above, the `dataset` value has additional restrictions:   \* Must not contain `-`   \* No longer than 100 characters | constant_keyword |  |
 | data_stream.namespace | A user defined namespace. Namespaces are useful to allow grouping of data. Many users already organize their indices this way, and the data stream naming scheme now provides this best practice as a default. Many users will populate this field with `default`. If no value is used, it falls back to `default`. Beyond the Elasticsearch index naming criteria noted above, `namespace` value has the additional restrictions:   \* Must not contain `-`   \* No longer than 100 characters | constant_keyword |  |
 | data_stream.type | An overarching type for the data stream. Currently allowed values are "logs" and "metrics". We expect to also add "traces" and "synthetics" in the near future. | constant_keyword |  |
@@ -453,21 +460,26 @@ telemetry {
 | hashicorp_vault.metrics.\*.histogram | Hashicorp Vault telemetry data from the Prometheus endpoint. | histogram |  |
 | hashicorp_vault.metrics.\*.rate | Hashicorp Vault telemetry data from the Prometheus endpoint. | double | gauge |
 | hashicorp_vault.metrics.\*.value | Hashicorp Vault telemetry data from the Prometheus endpoint. | double | gauge |
+| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword |  |
 | labels | Custom key/value pairs. Can be used to add meta information to events. Should not contain nested objects. All values are stored as keyword. Example: `docker` and `k8s` labels. | object |  |
 | labels.auth_method | Authorization engine type. | keyword |  |
 | labels.cluster | The cluster name from which the metric originated; set in the configuration file, or automatically generated when a cluster is created. | keyword |  |
 | labels.creation_ttl | Time-to-live value assigned to a token or lease at creation. This value is rounded up to the next-highest bucket; the available buckets are 1m, 10m, 20m, 1h, 2h, 1d, 2d, 7d, and 30d. Any longer TTL is assigned the value +Inf. | keyword |  |
+| labels.expiring |  | keyword |  |
+| labels.gauge |  | keyword |  |
 | labels.host |  | keyword |  |
 | labels.instance |  | keyword |  |
 | labels.job |  | keyword |  |
 | labels.local |  | keyword |  |
 | labels.mount_point | Path at which an auth method or secret engine is mounted. | keyword |  |
 | labels.namespace | A namespace path, or root for the root namespace | keyword |  |
+| labels.policy |  | keyword |  |
 | labels.quantile |  | keyword |  |
 | labels.queue_id |  | keyword |  |
 | labels.term |  | keyword |  |
 | labels.token_type | Identifies whether the token is a batch token or a service token. | keyword |  |
 | labels.type |  | keyword |  |
 | labels.version |  | keyword |  |
+| service.address | Address where data about this service was collected from. This should be a URI, network address (ipv4:port or [ipv6]:port) or a resource path (sockets). | keyword |  |
 | service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword |  |
 

packages/hashicorp_vault/manifest.yml

@@ -1,7 +1,7 @@
 format_version: "3.0.0"
 name: hashicorp_vault
 title: Hashicorp Vault
-version: "1.19.0"
+version: "1.20.0"
 description: Collect logs and metrics from Hashicorp Vault with Elastic Agent.
 type: integration
 categories: