Updates logging README, explicitly types event fields

src/core/server/logging/README.md

@@ -330,6 +330,17 @@ Here is what we get with the config above:
 | metrics.ops      | console                  | debug |
 
 
+For example to see _all_ log messages that fall back on the `root` logger configuration, just add one line to the configuration:
+
+```yaml
+logging.root.level: all
+```
+
+Or disable logging entirely with `off`:
+
+```yaml
+logging.root.level: off
+```
 ### Dedicated loggers
 
 The `root` logger has a dedicated configuration node since this context is special and should always exist. By 
@@ -353,19 +364,6 @@ ops.interval: 5000
 ```
 
 The minimum interval is 100ms and defaults to 5000ms.
-
-For example to see _all_ log messages that fall back on the `root` logger configuration, just add one line to the configuration:
-
-```yaml
-logging.root.level: all
-```
-
-Or disable logging entirely with `off`:
-
-```yaml
-logging.root.level: off
-```
-
 ## Usage
 
 Usage is very straightforward, one should just get a logger for a specific context and use it to log messages with 

src/core/server/logging/ecs.ts

@@ -39,8 +39,52 @@ interface EcsProcessField {
   uptime?: number;
 }
 
-interface EcsEventField {
-  kind?: string;
-  category?: string[];
+export interface EcsEventField {
+  kind?: EcsEventKind;
+  category?: EcsEventCategory[];
   type?: string;
 }
+
+export enum EcsEventKind {
+  ALERT = 'alert',
+  EVENT = 'event',
+  METRIC = 'metric',
+  STATE = 'state',
+  PIPELINE_ERROR = 'pipeline_error',
+  SIGNAL = 'signal',
+}
+
+export enum EcsEventCategory {
+  AUTHENTICATION = 'authentication',
+  CONFIGURATION = 'configuration',
+  DATABASE = 'database',
+  DRIVER = 'driver',
+  FILE = 'file',
+  HOST = 'host',
+  IAM = 'iam',
+  INTRUSION_DETECTION = 'intrusion_detection',
+  MALWARE = 'malware',
+  NETWORK = 'network',
+  PACKAGE = 'package',
+  PROCESS = 'process',
+  WEB = 'web',
+}
+
+export enum EcsEventType {
+  ACCESS = 'access',
+  ADMIN = 'admin',
+  ALLOWED = 'allowed',
+  CHANGE = 'change',
+  CONNECTION = 'connection',
+  CREATION = 'creation',
+  DELETION = 'deletion',
+  DENIED = 'denied',
+  END = 'end',
+  ERROR = 'error',
+  GROUP = 'group',
+  INFO = 'info',
+  INSTALLATION = 'installation',
+  PROTOCOL = 'protocol',
+  START = 'start',
+  USER = 'user',
+}

src/core/server/logging/index.ts

@@ -17,7 +17,13 @@ export {
   LogLevelId,
   LogLevel,
 } from '@kbn/logging';
-export { EcsOpsMetricsEvent } from './ecs';
+export {
+  EcsOpsMetricsEvent,
+  EcsEventField,
+  EcsEventKind,
+  EcsEventCategory,
+  EcsEventType,
+} from './ecs';
 export {
   config,
   LoggingConfigType,

src/core/server/metrics/logging/get_ops_metrics_log.ts

@@ -7,7 +7,7 @@
  */
 
 import numeral from '@elastic/numeral';
-import { EcsOpsMetricsEvent } from '../../logging';
+import { EcsOpsMetricsEvent, EcsEventKind, EcsEventCategory, EcsEventType } from '../../logging';
 import { OpsMetrics } from '..';
 
 const ECS_VERSION = '1.7.0';
@@ -55,9 +55,9 @@ export function getEcsOpsMetricsLog(metrics: OpsMetrics): EcsOpsMetricsEvent {
     ecs: { version: ECS_VERSION },
     message: `${processMemoryUsedInBytesMsg}${uptimeValMsg}${loadValsMsg}${eventLoopDelayValMsg}`,
     event: {
-      kind: 'metric',
-      category: ['process', 'host'],
-      type: 'info',
+      kind: EcsEventKind.METRIC,
+      category: [EcsEventCategory.PROCESS, EcsEventCategory.HOST],
+      type: EcsEventType.INFO,
     },
     process: {
       uptime: uptimeVal,