[iis] set event.module and event.dataset (#1246)

packages/iis/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.5.0"
+  changes:
+    - description: Set "event.module" and "event.dataset"
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/1246
 - version: "0.4.0"
   changes:
     - description: update to ECS 1.10.0 and add event.original options

packages/iis/data_stream/access/fields/base-fields.yml

@@ -10,3 +10,11 @@
 - name: '@timestamp'
   type: date
   description: Event timestamp.
+- name: event.module
+  type: constant_keyword
+  description: Event module
+  value: iis
+- name: event.dataset
+  type: constant_keyword
+  description: Event dataset
+  value: iis.access

packages/iis/data_stream/application_pool/fields/base-fields.yml

@@ -10,3 +10,11 @@
 - name: '@timestamp'
   type: date
   description: Event timestamp.
+- name: event.module
+  type: constant_keyword
+  description: Event module
+  value: iis
+- name: event.dataset
+  type: constant_keyword
+  description: Event dataset
+  value: iis.application_pool

packages/iis/data_stream/error/fields/base-fields.yml

@@ -10,3 +10,11 @@
 - name: '@timestamp'
   type: date
   description: Event timestamp.
+- name: event.module
+  type: constant_keyword
+  description: Event module
+  value: iis
+- name: event.dataset
+  type: constant_keyword
+  description: Event dataset
+  value: iis.error

packages/iis/data_stream/webserver/fields/base-fields.yml

@@ -10,3 +10,11 @@
 - name: '@timestamp'
   type: date
   description: Event timestamp.
+- name: event.module
+  type: constant_keyword
+  description: Event module
+  value: iis
+- name: event.dataset
+  type: constant_keyword
+  description: Event dataset
+  value: iis.webserver

packages/iis/data_stream/website/fields/base-fields.yml

@@ -10,3 +10,11 @@
 - name: '@timestamp'
   type: date
   description: Event timestamp.
+- name: event.module
+  type: constant_keyword
+  description: Event module
+  value: iis
+- name: event.dataset
+  type: constant_keyword
+  description: Event dataset
+  value: iis.website

packages/iis/docs/README.md

@@ -127,6 +127,8 @@ The fields reported are:
 | data_stream.namespace | Data stream namespace. | constant_keyword |
 | data_stream.type | Data stream type. | constant_keyword |
 | ecs.version | ECS version | keyword |
+| event.dataset | Event dataset | constant_keyword |
+| event.module | Event module | constant_keyword |
 | host.architecture | Operating system architecture. | keyword |
 | host.containerized | If the host is a container. | boolean |
 | host.domain | Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. | keyword |
@@ -271,6 +273,8 @@ The fields reported are:
 | data_stream.namespace | Data stream namespace. | constant_keyword |
 | data_stream.type | Data stream type. | constant_keyword |
 | ecs.version | ECS version | keyword |
+| event.dataset | Event dataset | constant_keyword |
+| event.module | Event module | constant_keyword |
 | host.architecture | Operating system architecture. | keyword |
 | host.containerized | If the host is a container. | boolean |
 | host.domain | Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. | keyword |
@@ -377,6 +381,8 @@ The fields reported are:
 | data_stream.namespace | Data stream namespace. | constant_keyword |
 | data_stream.type | Data stream type. | constant_keyword |
 | ecs.version | ECS version | keyword |
+| event.dataset | Event dataset | constant_keyword |
+| event.module | Event module | constant_keyword |
 | host.architecture | Operating system architecture. | keyword |
 | host.containerized | If the host is a container. | boolean |
 | host.domain | Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. | keyword |
@@ -526,6 +532,8 @@ The fields reported are:
 | destination.port | Port of the destination. | long |
 | ecs.version | ECS version | keyword |
 | error.message | Error message. | text |
+| event.dataset | Event dataset | constant_keyword |
+| event.module | Event module | constant_keyword |
 | host.architecture | Operating system architecture. | keyword |
 | host.containerized | If the host is a container. | boolean |
 | host.domain | Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. | keyword |
@@ -668,6 +676,8 @@ The fields reported are:
 | destination.port | Port of the destination. | long |
 | ecs.version | ECS version | keyword |
 | error.message | Error message | text |
+| event.dataset | Event dataset | constant_keyword |
+| event.module | Event module | constant_keyword |
 | host.architecture | Operating system architecture. | keyword |
 | host.containerized | If the host is a container. | boolean |
 | host.domain | Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. | keyword |

packages/iis/manifest.yml

@@ -1,6 +1,6 @@
 name: iis
 title: IIS
-version: 0.4.0
+version: 0.5.0
 description: IIS Integration
 type: integration
 icons:
@@ -14,7 +14,7 @@ categories:
   - web
 release: beta
 conditions:
-  kibana.version: "^7.9.0"
+  kibana.version: "^7.14.0"
 screenshots:
   - src: /img/kibana-iis.png
     title: kibana iis