[core.logging] Ensure LogMeta is ECS-compliant. (#96350)

docs/development/core/server/kibana-plugin-core-server.savedobjectsmigrationlogger.error.md

@@ -7,5 +7,5 @@
 <b>Signature:</b>
 
 ```typescript
-error: (msg: string, meta: LogMeta) => void;
+error: <Meta extends LogMeta = LogMeta>(msg: string, meta: Meta) => void;
 ```

docs/development/core/server/kibana-plugin-core-server.savedobjectsmigrationlogger.md

@@ -16,7 +16,7 @@ export interface SavedObjectsMigrationLogger
 |  Property | Type | Description |
 |  --- | --- | --- |
 |  [debug](./kibana-plugin-core-server.savedobjectsmigrationlogger.debug.md) | <code>(msg: string) =&gt; void</code> |  |
-|  [error](./kibana-plugin-core-server.savedobjectsmigrationlogger.error.md) | <code>(msg: string, meta: LogMeta) =&gt; void</code> |  |
+|  [error](./kibana-plugin-core-server.savedobjectsmigrationlogger.error.md) | <code>&lt;Meta extends LogMeta = LogMeta&gt;(msg: string, meta: Meta) =&gt; void</code> |  |
 |  [info](./kibana-plugin-core-server.savedobjectsmigrationlogger.info.md) | <code>(msg: string) =&gt; void</code> |  |
 |  [warn](./kibana-plugin-core-server.savedobjectsmigrationlogger.warn.md) | <code>(msg: string) =&gt; void</code> |  |
 |  [warning](./kibana-plugin-core-server.savedobjectsmigrationlogger.warning.md) | <code>(msg: string) =&gt; void</code> |  |

packages/kbn-logging/src/ecs/agent.ts

@@ -0,0 +1,21 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+/**
+ * https://www.elastic.co/guide/en/ecs/1.9/ecs-agent.html
+ *
+ * @internal
+ */
+export interface EcsAgent {
+  build?: { original: string };
+  ephemeral_id?: string;
+  id?: string;
+  name?: string;
+  type?: string;
+  version?: string;
+}

packages/kbn-logging/src/ecs/autonomous_system.ts

@@ -0,0 +1,17 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+/**
+ * https://www.elastic.co/guide/en/ecs/1.9/ecs-as.html
+ *
+ * @internal
+ */
+export interface EcsAutonomousSystem {
+  number?: number;
+  organization?: { name: string };
+}

packages/kbn-logging/src/ecs/base.ts

@@ -0,0 +1,19 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+/**
+ * https://www.elastic.co/guide/en/ecs/1.9/ecs-base.html
+ *
+ * @internal
+ */
+export interface EcsBase {
+  ['@timestamp']: string;
+  labels?: Record<string, unknown>;
+  message?: string;
+  tags?: string[];
+}

packages/kbn-logging/src/ecs/client.ts

@@ -0,0 +1,36 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import { EcsAutonomousSystem } from './autonomous_system';
+import { EcsGeo } from './geo';
+import { EcsNestedUser } from './user';
+
+interface NestedFields {
+  as?: EcsAutonomousSystem;
+  geo?: EcsGeo;
+  user?: EcsNestedUser;
+}
+
+/**
+ * https://www.elastic.co/guide/en/ecs/1.9/ecs-client.html
+ *
+ * @internal
+ */
+export interface EcsClient extends NestedFields {
+  address?: string;
+  bytes?: number;
+  domain?: string;
+  ip?: string;
+  mac?: string;
+  nat?: { ip?: string; port?: number };
+  packets?: number;
+  port?: number;
+  registered_domain?: string;
+  subdomain?: string;
+  top_level_domain?: string;
+}

packages/kbn-logging/src/ecs/cloud.ts

@@ -0,0 +1,23 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+/**
+ * https://www.elastic.co/guide/en/ecs/1.9/ecs-cloud.html
+ *
+ * @internal
+ */
+export interface EcsCloud {
+  account?: { id?: string; name?: string };
+  availability_zone?: string;
+  instance?: { id?: string; name?: string };
+  machine?: { type: string };
+  project?: { id?: string; name?: string };
+  provider?: string;
+  region?: string;
+  service?: { name: string };
+}

packages/kbn-logging/src/ecs/code_signature.ts

@@ -0,0 +1,22 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+/**
+ * https://www.elastic.co/guide/en/ecs/1.9/ecs-code_signature.html
+ *
+ * @internal
+ */
+export interface EcsCodeSignature {
+  exists?: boolean;
+  signing_id?: string;
+  status?: string;
+  subject_name?: string;
+  team_id?: string;
+  trusted?: boolean;
+  valid?: boolean;
+}

packages/kbn-logging/src/ecs/container.ts

@@ -0,0 +1,20 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+/**
+ * https://www.elastic.co/guide/en/ecs/1.9/ecs-container.html
+ *
+ * @internal
+ */
+export interface EcsContainer {
+  id?: string;
+  image?: { name?: string; tag?: string[] };
+  labels?: Record<string, unknown>;
+  name?: string;
+  runtime?: string;
+}

packages/kbn-logging/src/ecs/destination.ts

@@ -0,0 +1,36 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import { EcsAutonomousSystem } from './autonomous_system';
+import { EcsGeo } from './geo';
+import { EcsNestedUser } from './user';
+
+interface NestedFields {
+  as?: EcsAutonomousSystem;
+  geo?: EcsGeo;
+  user?: EcsNestedUser;
+}
+
+/**
+ * https://www.elastic.co/guide/en/ecs/1.9/ecs-destination.html
+ *
+ * @internal
+ */
+export interface EcsDestination extends NestedFields {
+  address?: string;
+  bytes?: number;
+  domain?: string;
+  ip?: string;
+  mac?: string;
+  nat?: { ip?: string; port?: number };
+  packets?: number;
+  port?: number;
+  registered_domain?: string;
+  subdomain?: string;
+  top_level_domain?: string;
+}

packages/kbn-logging/src/ecs/dll.ts

@@ -0,0 +1,27 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import { EcsCodeSignature } from './code_signature';
+import { EcsHash } from './hash';
+import { EcsPe } from './pe';
+
+interface NestedFields {
+  code_signature?: EcsCodeSignature;
+  hash?: EcsHash;
+  pe?: EcsPe;
+}
+
+/**
+ * https://www.elastic.co/guide/en/ecs/1.9/ecs-dll.html
+ *
+ * @internal
+ */
+export interface EcsDll extends NestedFields {
+  name?: string;
+  path?: string;
+}

packages/kbn-logging/src/ecs/dns.ts

@@ -0,0 +1,40 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+/**
+ * https://www.elastic.co/guide/en/ecs/1.9/ecs-dns.html
+ *
+ * @internal
+ */
+export interface EcsDns {
+  answers?: Answer[];
+  header_flags?: string[];
+  id?: number;
+  op_code?: string;
+  question?: Question;
+  resolved_ip?: string[];
+  response_code?: string;
+  type?: string;
+}
+
+interface Answer {
+  data: string;
+  class?: string;
+  name?: string;
+  ttl?: number;
+  type?: string;
+}
+
+interface Question {
+  class?: string;
+  name?: string;
+  registered_domain?: string;
+  subdomain?: string;
+  top_level_domain?: string;
+  type?: string;
+}

packages/kbn-logging/src/ecs/error.ts

@@ -0,0 +1,20 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+/**
+ * https://www.elastic.co/guide/en/ecs/1.9/ecs-error.html
+ *
+ * @internal
+ */
+export interface EcsError {
+  code?: string;
+  id?: string;
+  message?: string;
+  stack_trace?: string;
+  type?: string;
+}

packages/kbn-logging/src/ecs/event.ts

@@ -0,0 +1,91 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+/**
+ * https://www.elastic.co/guide/en/ecs/1.9/ecs-event.html
+ *
+ * @internal
+ */
+export interface EcsEvent {
+  action?: string;
+  category?: EcsEventCategory[];
+  code?: string;
+  created?: string;
+  dataset?: string;
+  duration?: number;
+  end?: string;
+  hash?: string;
+  id?: string;
+  ingested?: string;
+  kind?: EcsEventKind;
+  module?: string;
+  original?: string;
+  outcome?: EcsEventOutcome;
+  provider?: string;
+  reason?: string;
+  reference?: string;
+  risk_score?: number;
+  risk_score_norm?: number;
+  sequence?: number;
+  severity?: number;
+  start?: string;
+  timezone?: string;
+  type?: EcsEventType[];
+  url?: string;
+}
+
+/**
+ * @public
+ */
+export type EcsEventCategory =
+  | 'authentication'
+  | 'configuration'
+  | 'database'
+  | 'driver'
+  | 'file'
+  | 'host'
+  | 'iam'
+  | 'intrusion_detection'
+  | 'malware'
+  | 'network'
+  | 'package'
+  | 'process'
+  | 'registry'
+  | 'session'
+  | 'web';
+
+/**
+ * @public
+ */
+export type EcsEventKind = 'alert' | 'event' | 'metric' | 'state' | 'pipeline_error' | 'signal';
+
+/**
+ * @public
+ */
+export type EcsEventOutcome = 'failure' | 'success' | 'unknown';
+
+/**
+ * @public
+ */
+export type EcsEventType =
+  | 'access'
+  | 'admin'
+  | 'allowed'
+  | 'change'
+  | 'connection'
+  | 'creation'
+  | 'deletion'
+  | 'denied'
+  | 'end'
+  | 'error'
+  | 'group'
+  | 'info'
+  | 'installation'
+  | 'protocol'
+  | 'start'
+  | 'user';