Set event.module and event.dataset

marc-gr · marc-gr · commit 3036bcb3c1fe · 2021-06-29T11:54:26.000+02:00
diff --git a/packages/okta/changelog.yml b/packages/okta/changelog.yml
@@ -4,6 +4,9 @@
     - description: make GA
       type: enhancement
       link: https://github.com/elastic/integrations/pull/1222
+    - description: Set "event.module" and "event.dataset"
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/1222
 - version: "0.6.0"
   changes:
     - description: Update to ECS 1.10.0 and add event.original options
diff --git a/packages/okta/data_stream/system/fields/base-fields.yml b/packages/okta/data_stream/system/fields/base-fields.yml
@@ -7,6 +7,14 @@
 - name: data_stream.namespace
   type: constant_keyword
   description: Data stream namespace.
+- name: event.module
+  type: constant_keyword
+  description: Event module
+  value: okta
+- name: event.dataset
+  type: constant_keyword
+  description: Event dataset
+  value: okta.system
 - name: "@timestamp"
   type: date
   description: Event timestamp.
diff --git a/packages/okta/docs/README.md b/packages/okta/docs/README.md
@@ -217,9 +217,11 @@ An example event for `system` looks as following:
 | error.message | Error message. | text |
 | event.action | The action captured by the event. | keyword |
 | event.category | Event category. The second categorization field in the hierarchy. | keyword |
+| event.dataset | Event dataset | constant_keyword |
 | event.id | Unique ID to describe the event. | keyword |
 | event.ingested | Timestamp when an event arrived in the central data store. | date |
 | event.kind | The kind of the event. The highest categorization field in the hierarchy. | keyword |
+| event.module | Event module | constant_keyword |
 | event.original | Raw text message of entire event. | keyword |
 | event.outcome | The outcome of the event. The lowest level categorization field in the hierarchy. | keyword |
 | event.type | Event type. The third categorization field in the hierarchy. | keyword |
