From c1c7b0c40f651b6caf9c6149b9118ca43490104f Mon Sep 17 00:00:00 2001
From: ruflin <spam@ruflin.com>
Date: Mon, 8 Jun 2020 15:57:14 +0200
Subject: [PATCH 1/4] Update packages and import script to use new dataset
 definition

For now, the packages have old and new fields inside. As soon as Kibana and Agent are shipped, the old definition can be removed. See also https://github.com/elastic/package-storage/pull/56
---
 dev/import-beats/fields_base_fields.go        | 12 +++----
 .../dataset/billing/fields/base-fields.yml    | 17 ++++++++++
 .../dataset/cloudtrail/fields/base-fields.yml | 17 ++++++++++
 .../cloudwatch-logs/fields/base-fields.yml    | 17 ++++++++++
 .../cloudwatch-metrics/fields/base-fields.yml | 17 ++++++++++
 .../dataset/dynamodb/fields/base-fields.yml   | 17 ++++++++++
 .../aws/dataset/ebs/fields/base-fields.yml    | 17 ++++++++++
 .../dataset/ec2-logs/fields/base-fields.yml   | 17 ++++++++++
 .../ec2-metrics/fields/base-fields.yml        | 17 ++++++++++
 .../dataset/elb-logs/fields/base-fields.yml   | 17 ++++++++++
 .../elb-metrics/fields/base-fields.yml        | 17 ++++++++++
 .../aws/dataset/lambda/fields/base-fields.yml | 17 ++++++++++
 .../dataset/natgateway/fields/base-fields.yml | 17 ++++++++++
 .../aws/dataset/rds/fields/base-fields.yml    | 17 ++++++++++
 .../s3_daily_storage/fields/base-fields.yml   | 17 ++++++++++
 .../dataset/s3_request/fields/base-fields.yml | 17 ++++++++++
 .../dataset/s3access/fields/base-fields.yml   | 17 ++++++++++
 .../aws/dataset/sns/fields/base-fields.yml    | 17 ++++++++++
 .../aws/dataset/sqs/fields/base-fields.yml    | 17 ++++++++++
 .../transitgateway/fields/base-fields.yml     | 17 ++++++++++
 .../aws/dataset/usage/fields/base-fields.yml  | 17 ++++++++++
 .../dataset/vpcflow/fields/base-fields.yml    | 17 ++++++++++
 .../aws/dataset/vpn/fields/base-fields.yml    | 17 ++++++++++
 .../cisco/dataset/asa/fields/base-fields.yml  | 17 ++++++++++
 .../cisco/dataset/ftd/fields/base-fields.yml  | 17 ++++++++++
 .../cisco/dataset/ios/fields/base-fields.yml  | 17 ++++++++++
 .../dataset/broker/fields/base-fields.yml     | 17 ++++++++++
 .../consumergroup/fields/base-fields.yml      | 17 ++++++++++
 .../kafka/dataset/log/fields/base-fields.yml  | 17 ++++++++++
 .../dataset/partition/fields/base-fields.yml  | 17 ++++++++++
 .../log/dataset/log/fields/base-fields.yml    | 17 ++++++++++
 .../dataset/error/fields/base-fields.yml      | 17 ++++++++++
 .../galera_status/fields/base-fields.yml      | 17 ++++++++++
 .../dataset/slowlog/fields/base-fields.yml    | 17 ++++++++++
 .../dataset/status/fields/base-fields.yml     | 17 ++++++++++
 .../dataset/log/fields/base-fields.yml        | 34 +++++++++++++++++++
 .../dataset/access/fields/base-fields.yml     | 17 ++++++++++
 .../dataset/error/fields/base-fields.yml      | 17 ++++++++++
 .../ingress_controller/fields/base-fields.yml | 17 ++++++++++
 .../dataset/stubstatus/fields/base-fields.yml | 17 ++++++++++
 .../redis/dataset/info/fields/base-fields.yml | 17 ++++++++++
 .../redis/dataset/key/fields/base-fields.yml  | 17 ++++++++++
 .../dataset/keyspace/fields/base-fields.yml   | 17 ++++++++++
 .../redis/dataset/log/fields/base-fields.yml  | 17 ++++++++++
 .../dataset/slowlog/fields/base-fields.yml    | 17 ++++++++++
 .../dataset/auth/fields/base-fields.yml       | 17 ++++++++++
 .../dataset/core/fields/base-fields.yml       | 17 ++++++++++
 .../system/dataset/cpu/fields/base-fields.yml | 17 ++++++++++
 .../dataset/diskio/fields/base-fields.yml     | 17 ++++++++++
 .../dataset/entropy/fields/base-fields.yml    | 17 ++++++++++
 .../dataset/filesystem/fields/base-fields.yml | 17 ++++++++++
 .../dataset/fsstat/fields/base-fields.yml     | 17 ++++++++++
 .../dataset/load/fields/base-fields.yml       | 17 ++++++++++
 .../dataset/memory/fields/base-fields.yml     | 17 ++++++++++
 .../dataset/network/fields/base-fields.yml    | 17 ++++++++++
 .../network_summary/fields/base-fields.yml    | 17 ++++++++++
 .../dataset/process/fields/base-fields.yml    | 17 ++++++++++
 .../process_summary/fields/base-fields.yml    | 17 ++++++++++
 .../dataset/raid/fields/base-fields.yml       | 17 ++++++++++
 .../dataset/service/fields/base-fields.yml    | 17 ++++++++++
 .../dataset/socket/fields/base-fields.yml     | 17 ++++++++++
 .../socket_summary/fields/base-fields.yml     | 17 ++++++++++
 .../dataset/syslog/fields/base-fields.yml     | 17 ++++++++++
 .../dataset/uptime/fields/base-fields.yml     | 17 ++++++++++
 .../dataset/users/fields/base-fields.yml      | 17 ++++++++++
 65 files changed, 1111 insertions(+), 6 deletions(-)

diff --git a/dev/import-beats/fields_base_fields.go b/dev/import-beats/fields_base_fields.go
index 4665f9306a2..46fccbaca27 100644
--- a/dev/import-beats/fields_base_fields.go
+++ b/dev/import-beats/fields_base_fields.go
@@ -9,19 +9,19 @@ var baseFields = createBaseFields()
 func createBaseFields() []fieldDefinition {
 	return []fieldDefinition{
 		{
-			Name:        "stream.type",
+			Name:        "dataset.type",
 			Type:        "constant_keyword",
-			Description: "Stream type.",
+			Description: "Dataset type.",
 		},
 		{
-			Name:        "stream.dataset",
+			Name:        "dataset.name",
 			Type:        "constant_keyword",
-			Description: "Stream dataset.",
+			Description: "Dataset name.",
 		},
 		{
-			Name:        "stream.namespace",
+			Name:        "dataset.namespace",
 			Type:        "constant_keyword",
-			Description: "Stream namespace.",
+			Description: "Dataset namespace.",
 		},
 		{
 			Name:        "@timestamp",
diff --git a/packages/aws/dataset/billing/fields/base-fields.yml b/packages/aws/dataset/billing/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/aws/dataset/billing/fields/base-fields.yml
+++ b/packages/aws/dataset/billing/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/aws/dataset/cloudtrail/fields/base-fields.yml b/packages/aws/dataset/cloudtrail/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/aws/dataset/cloudtrail/fields/base-fields.yml
+++ b/packages/aws/dataset/cloudtrail/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/aws/dataset/cloudwatch-logs/fields/base-fields.yml b/packages/aws/dataset/cloudwatch-logs/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/aws/dataset/cloudwatch-logs/fields/base-fields.yml
+++ b/packages/aws/dataset/cloudwatch-logs/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/aws/dataset/cloudwatch-metrics/fields/base-fields.yml b/packages/aws/dataset/cloudwatch-metrics/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/aws/dataset/cloudwatch-metrics/fields/base-fields.yml
+++ b/packages/aws/dataset/cloudwatch-metrics/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/aws/dataset/dynamodb/fields/base-fields.yml b/packages/aws/dataset/dynamodb/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/aws/dataset/dynamodb/fields/base-fields.yml
+++ b/packages/aws/dataset/dynamodb/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/aws/dataset/ebs/fields/base-fields.yml b/packages/aws/dataset/ebs/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/aws/dataset/ebs/fields/base-fields.yml
+++ b/packages/aws/dataset/ebs/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/aws/dataset/ec2-logs/fields/base-fields.yml b/packages/aws/dataset/ec2-logs/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/aws/dataset/ec2-logs/fields/base-fields.yml
+++ b/packages/aws/dataset/ec2-logs/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/aws/dataset/ec2-metrics/fields/base-fields.yml b/packages/aws/dataset/ec2-metrics/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/aws/dataset/ec2-metrics/fields/base-fields.yml
+++ b/packages/aws/dataset/ec2-metrics/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/aws/dataset/elb-logs/fields/base-fields.yml b/packages/aws/dataset/elb-logs/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/aws/dataset/elb-logs/fields/base-fields.yml
+++ b/packages/aws/dataset/elb-logs/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/aws/dataset/elb-metrics/fields/base-fields.yml b/packages/aws/dataset/elb-metrics/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/aws/dataset/elb-metrics/fields/base-fields.yml
+++ b/packages/aws/dataset/elb-metrics/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/aws/dataset/lambda/fields/base-fields.yml b/packages/aws/dataset/lambda/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/aws/dataset/lambda/fields/base-fields.yml
+++ b/packages/aws/dataset/lambda/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/aws/dataset/natgateway/fields/base-fields.yml b/packages/aws/dataset/natgateway/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/aws/dataset/natgateway/fields/base-fields.yml
+++ b/packages/aws/dataset/natgateway/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/aws/dataset/rds/fields/base-fields.yml b/packages/aws/dataset/rds/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/aws/dataset/rds/fields/base-fields.yml
+++ b/packages/aws/dataset/rds/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/aws/dataset/s3_daily_storage/fields/base-fields.yml b/packages/aws/dataset/s3_daily_storage/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/aws/dataset/s3_daily_storage/fields/base-fields.yml
+++ b/packages/aws/dataset/s3_daily_storage/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/aws/dataset/s3_request/fields/base-fields.yml b/packages/aws/dataset/s3_request/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/aws/dataset/s3_request/fields/base-fields.yml
+++ b/packages/aws/dataset/s3_request/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/aws/dataset/s3access/fields/base-fields.yml b/packages/aws/dataset/s3access/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/aws/dataset/s3access/fields/base-fields.yml
+++ b/packages/aws/dataset/s3access/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/aws/dataset/sns/fields/base-fields.yml b/packages/aws/dataset/sns/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/aws/dataset/sns/fields/base-fields.yml
+++ b/packages/aws/dataset/sns/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/aws/dataset/sqs/fields/base-fields.yml b/packages/aws/dataset/sqs/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/aws/dataset/sqs/fields/base-fields.yml
+++ b/packages/aws/dataset/sqs/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/aws/dataset/transitgateway/fields/base-fields.yml b/packages/aws/dataset/transitgateway/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/aws/dataset/transitgateway/fields/base-fields.yml
+++ b/packages/aws/dataset/transitgateway/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/aws/dataset/usage/fields/base-fields.yml b/packages/aws/dataset/usage/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/aws/dataset/usage/fields/base-fields.yml
+++ b/packages/aws/dataset/usage/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/aws/dataset/vpcflow/fields/base-fields.yml b/packages/aws/dataset/vpcflow/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/aws/dataset/vpcflow/fields/base-fields.yml
+++ b/packages/aws/dataset/vpcflow/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/aws/dataset/vpn/fields/base-fields.yml b/packages/aws/dataset/vpn/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/aws/dataset/vpn/fields/base-fields.yml
+++ b/packages/aws/dataset/vpn/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/cisco/dataset/asa/fields/base-fields.yml b/packages/cisco/dataset/asa/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/cisco/dataset/asa/fields/base-fields.yml
+++ b/packages/cisco/dataset/asa/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/cisco/dataset/ftd/fields/base-fields.yml b/packages/cisco/dataset/ftd/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/cisco/dataset/ftd/fields/base-fields.yml
+++ b/packages/cisco/dataset/ftd/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/cisco/dataset/ios/fields/base-fields.yml b/packages/cisco/dataset/ios/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/cisco/dataset/ios/fields/base-fields.yml
+++ b/packages/cisco/dataset/ios/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/kafka/dataset/broker/fields/base-fields.yml b/packages/kafka/dataset/broker/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/kafka/dataset/broker/fields/base-fields.yml
+++ b/packages/kafka/dataset/broker/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/kafka/dataset/consumergroup/fields/base-fields.yml b/packages/kafka/dataset/consumergroup/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/kafka/dataset/consumergroup/fields/base-fields.yml
+++ b/packages/kafka/dataset/consumergroup/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/kafka/dataset/log/fields/base-fields.yml b/packages/kafka/dataset/log/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/kafka/dataset/log/fields/base-fields.yml
+++ b/packages/kafka/dataset/log/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/kafka/dataset/partition/fields/base-fields.yml b/packages/kafka/dataset/partition/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/kafka/dataset/partition/fields/base-fields.yml
+++ b/packages/kafka/dataset/partition/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/log/dataset/log/fields/base-fields.yml b/packages/log/dataset/log/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/log/dataset/log/fields/base-fields.yml
+++ b/packages/log/dataset/log/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/mysql/dataset/error/fields/base-fields.yml b/packages/mysql/dataset/error/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/mysql/dataset/error/fields/base-fields.yml
+++ b/packages/mysql/dataset/error/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/mysql/dataset/galera_status/fields/base-fields.yml b/packages/mysql/dataset/galera_status/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/mysql/dataset/galera_status/fields/base-fields.yml
+++ b/packages/mysql/dataset/galera_status/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/mysql/dataset/slowlog/fields/base-fields.yml b/packages/mysql/dataset/slowlog/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/mysql/dataset/slowlog/fields/base-fields.yml
+++ b/packages/mysql/dataset/slowlog/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/mysql/dataset/status/fields/base-fields.yml b/packages/mysql/dataset/status/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/mysql/dataset/status/fields/base-fields.yml
+++ b/packages/mysql/dataset/status/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/netflow/dataset/log/fields/base-fields.yml b/packages/netflow/dataset/log/fields/base-fields.yml
index 1fb7d7b3bf3..0f8ba01ffeb 100644
--- a/packages/netflow/dataset/log/fields/base-fields.yml
+++ b/packages/netflow/dataset/log/fields/base-fields.yml
@@ -14,3 +14,37 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/nginx/dataset/access/fields/base-fields.yml b/packages/nginx/dataset/access/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/nginx/dataset/access/fields/base-fields.yml
+++ b/packages/nginx/dataset/access/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/nginx/dataset/error/fields/base-fields.yml b/packages/nginx/dataset/error/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/nginx/dataset/error/fields/base-fields.yml
+++ b/packages/nginx/dataset/error/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/nginx/dataset/ingress_controller/fields/base-fields.yml b/packages/nginx/dataset/ingress_controller/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/nginx/dataset/ingress_controller/fields/base-fields.yml
+++ b/packages/nginx/dataset/ingress_controller/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/nginx/dataset/stubstatus/fields/base-fields.yml b/packages/nginx/dataset/stubstatus/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/nginx/dataset/stubstatus/fields/base-fields.yml
+++ b/packages/nginx/dataset/stubstatus/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/redis/dataset/info/fields/base-fields.yml b/packages/redis/dataset/info/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/redis/dataset/info/fields/base-fields.yml
+++ b/packages/redis/dataset/info/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/redis/dataset/key/fields/base-fields.yml b/packages/redis/dataset/key/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/redis/dataset/key/fields/base-fields.yml
+++ b/packages/redis/dataset/key/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/redis/dataset/keyspace/fields/base-fields.yml b/packages/redis/dataset/keyspace/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/redis/dataset/keyspace/fields/base-fields.yml
+++ b/packages/redis/dataset/keyspace/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/redis/dataset/log/fields/base-fields.yml b/packages/redis/dataset/log/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/redis/dataset/log/fields/base-fields.yml
+++ b/packages/redis/dataset/log/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/redis/dataset/slowlog/fields/base-fields.yml b/packages/redis/dataset/slowlog/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/redis/dataset/slowlog/fields/base-fields.yml
+++ b/packages/redis/dataset/slowlog/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/system/dataset/auth/fields/base-fields.yml b/packages/system/dataset/auth/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/system/dataset/auth/fields/base-fields.yml
+++ b/packages/system/dataset/auth/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/system/dataset/core/fields/base-fields.yml b/packages/system/dataset/core/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/system/dataset/core/fields/base-fields.yml
+++ b/packages/system/dataset/core/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/system/dataset/cpu/fields/base-fields.yml b/packages/system/dataset/cpu/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/system/dataset/cpu/fields/base-fields.yml
+++ b/packages/system/dataset/cpu/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/system/dataset/diskio/fields/base-fields.yml b/packages/system/dataset/diskio/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/system/dataset/diskio/fields/base-fields.yml
+++ b/packages/system/dataset/diskio/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/system/dataset/entropy/fields/base-fields.yml b/packages/system/dataset/entropy/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/system/dataset/entropy/fields/base-fields.yml
+++ b/packages/system/dataset/entropy/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/system/dataset/filesystem/fields/base-fields.yml b/packages/system/dataset/filesystem/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/system/dataset/filesystem/fields/base-fields.yml
+++ b/packages/system/dataset/filesystem/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/system/dataset/fsstat/fields/base-fields.yml b/packages/system/dataset/fsstat/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/system/dataset/fsstat/fields/base-fields.yml
+++ b/packages/system/dataset/fsstat/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/system/dataset/load/fields/base-fields.yml b/packages/system/dataset/load/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/system/dataset/load/fields/base-fields.yml
+++ b/packages/system/dataset/load/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/system/dataset/memory/fields/base-fields.yml b/packages/system/dataset/memory/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/system/dataset/memory/fields/base-fields.yml
+++ b/packages/system/dataset/memory/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/system/dataset/network/fields/base-fields.yml b/packages/system/dataset/network/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/system/dataset/network/fields/base-fields.yml
+++ b/packages/system/dataset/network/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/system/dataset/network_summary/fields/base-fields.yml b/packages/system/dataset/network_summary/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/system/dataset/network_summary/fields/base-fields.yml
+++ b/packages/system/dataset/network_summary/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/system/dataset/process/fields/base-fields.yml b/packages/system/dataset/process/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/system/dataset/process/fields/base-fields.yml
+++ b/packages/system/dataset/process/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/system/dataset/process_summary/fields/base-fields.yml b/packages/system/dataset/process_summary/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/system/dataset/process_summary/fields/base-fields.yml
+++ b/packages/system/dataset/process_summary/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/system/dataset/raid/fields/base-fields.yml b/packages/system/dataset/raid/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/system/dataset/raid/fields/base-fields.yml
+++ b/packages/system/dataset/raid/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/system/dataset/service/fields/base-fields.yml b/packages/system/dataset/service/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/system/dataset/service/fields/base-fields.yml
+++ b/packages/system/dataset/service/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/system/dataset/socket/fields/base-fields.yml b/packages/system/dataset/socket/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/system/dataset/socket/fields/base-fields.yml
+++ b/packages/system/dataset/socket/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/system/dataset/socket_summary/fields/base-fields.yml b/packages/system/dataset/socket_summary/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/system/dataset/socket_summary/fields/base-fields.yml
+++ b/packages/system/dataset/socket_summary/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/system/dataset/syslog/fields/base-fields.yml b/packages/system/dataset/syslog/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/system/dataset/syslog/fields/base-fields.yml
+++ b/packages/system/dataset/syslog/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/system/dataset/uptime/fields/base-fields.yml b/packages/system/dataset/uptime/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/system/dataset/uptime/fields/base-fields.yml
+++ b/packages/system/dataset/uptime/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.
diff --git a/packages/system/dataset/users/fields/base-fields.yml b/packages/system/dataset/users/fields/base-fields.yml
index 1fb7d7b3bf3..5a6e3c1d08c 100644
--- a/packages/system/dataset/users/fields/base-fields.yml
+++ b/packages/system/dataset/users/fields/base-fields.yml
@@ -14,3 +14,20 @@
   type: date
   description: >
     Event timestamp.
+
+- name: dataset.type
+  type: constant_keyword
+  description: >
+    Dataset type.
+- name: dataset.name
+  type: constant_keyword
+  description: >
+    Dataset name.
+- name: dataset.namespace
+  type: constant_keyword
+  description: >
+    Dataset namespace.
+- name: "@timestamp"
+  type: date
+  description: >
+    Event timestamp.

From 2a168c207ca5a308d195a5de8a2993cb574d6568 Mon Sep 17 00:00:00 2001
From: ruflin <spam@ruflin.com>
Date: Mon, 8 Jun 2020 15:58:52 +0200
Subject: [PATCH 2/4] update dashboards with new dataset change

---
 .../dashboard/d17b1000-17a4-11ea-8e91-03c7047cbb9d.json       | 4 ++--
 .../aws/kibana/map/dae24080-739a-11ea-a345-f985c61fe654.json  | 2 +-
 .../kibana/search/30ccde50-7397-11ea-a345-f985c61fe654.json   | 4 ++--
 .../visualization/5c93cd10-bac3-11e9-9f70-1f7bda85a5eb.json   | 2 +-
 packages/kafka/kibana/search/All Kafka logs-ecs.json          | 4 ++--
 packages/mysql/kibana/search/Logs-MySQL-Slow-log-ecs.json     | 4 ++--
 packages/mysql/kibana/search/Logs-MySQL-error-log-ecs.json    | 4 ++--
 .../search/6d9e66d0-a1f0-11e7-928f-5dbe6f6f5519-ecs.json      | 2 +-
 .../search/9eb25600-a1f0-11e7-928f-5dbe6f6f5519-ecs.json      | 2 +-
 packages/nginx/kibana/search/Filebeat-Nginx-module-ecs.json   | 2 +-
 packages/nginx/kibana/search/Logs-Nginx-integration-ecs.json  | 2 +-
 .../0dd6f320-a29f-11e7-928f-5dbe6f6f5519-ecs.json             | 2 +-
 .../1cfb1a80-a1f4-11e7-928f-5dbe6f6f5519-ecs.json             | 2 +-
 .../46322e50-a1f6-11e7-928f-5dbe6f6f5519-ecs.json             | 2 +-
 .../9184fa00-a1f5-11e7-928f-5dbe6f6f5519-ecs.json             | 2 +-
 .../b70b1b20-a1f4-11e7-928f-5dbe6f6f5519-ecs.json             | 2 +-
 .../search/0ab87b80-478e-11e7-b1f0-cb29bac6bf8b-ecs.json      | 2 +-
 .../search/73613570-4791-11e7-be88-2ddb32f3df97-ecs.json      | 4 ++--
 packages/redis/kibana/search/Metrics-Redis-ecs.json           | 2 +-
 .../78b9afe0-478f-11e7-b1f0-cb29bac6bf8b-ecs.json             | 2 +-
 .../d2864600-478f-11e7-be88-2ddb32f3df97-ecs.json             | 2 +-
 .../search/62439dc0-f9c9-11e6-a747-6121780e0414-ecs.json      | 2 +-
 packages/system/kibana/search/Syslog-system-logs-ecs.json     | 2 +-
 23 files changed, 29 insertions(+), 29 deletions(-)

diff --git a/packages/aws/kibana/dashboard/d17b1000-17a4-11ea-8e91-03c7047cbb9d.json b/packages/aws/kibana/dashboard/d17b1000-17a4-11ea-8e91-03c7047cbb9d.json
index daed79a7d38..58d12891604 100644
--- a/packages/aws/kibana/dashboard/d17b1000-17a4-11ea-8e91-03c7047cbb9d.json
+++ b/packages/aws/kibana/dashboard/d17b1000-17a4-11ea-8e91-03c7047cbb9d.json
@@ -13,7 +13,7 @@
                             "alias": null,
                             "disabled": false,
                             "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
-                            "key": "stream.dataset",
+                            "key": "dataset.name",
                             "negate": false,
                             "params": {
                                 "query": "aws.sns"
@@ -23,7 +23,7 @@
                         },
                         "query": {
                             "match": {
-                                "stream.dataset": {
+                                "dataset.name": {
                                     "query": "aws.sns",
                                     "type": "phrase"
                                 }
diff --git a/packages/aws/kibana/map/dae24080-739a-11ea-a345-f985c61fe654.json b/packages/aws/kibana/map/dae24080-739a-11ea-a345-f985c61fe654.json
index 9e6eb6ed271..b7ae73c7a7b 100644
--- a/packages/aws/kibana/map/dae24080-739a-11ea-a345-f985c61fe654.json
+++ b/packages/aws/kibana/map/dae24080-739a-11ea-a345-f985c61fe654.json
@@ -52,7 +52,7 @@
                 "minZoom": 0,
                 "query": {
                     "language": "kuery",
-                    "query": "stream.dataset:aws.cloudtrail"
+                    "query": "dataset.name:aws.cloudtrail"
                 },
                 "sourceDescriptor": {
                     "applyGlobalQuery": true,
diff --git a/packages/aws/kibana/search/30ccde50-7397-11ea-a345-f985c61fe654.json b/packages/aws/kibana/search/30ccde50-7397-11ea-a345-f985c61fe654.json
index 606738dd8ad..02503755681 100644
--- a/packages/aws/kibana/search/30ccde50-7397-11ea-a345-f985c61fe654.json
+++ b/packages/aws/kibana/search/30ccde50-7397-11ea-a345-f985c61fe654.json
@@ -22,7 +22,7 @@
                             "alias": null,
                             "disabled": false,
                             "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
-                            "key": "stream.dataset",
+                            "key": "dataset.name",
                             "negate": false,
                             "params": {
                                 "query": "aws.cloudtrail"
@@ -31,7 +31,7 @@
                         },
                         "query": {
                             "match_phrase": {
-                                "stream.dataset": "aws.cloudtrail"
+                                "dataset.name": "aws.cloudtrail"
                             }
                         }
                     }
diff --git a/packages/aws/kibana/visualization/5c93cd10-bac3-11e9-9f70-1f7bda85a5eb.json b/packages/aws/kibana/visualization/5c93cd10-bac3-11e9-9f70-1f7bda85a5eb.json
index 2550a00fa18..f85969b3bb8 100644
--- a/packages/aws/kibana/visualization/5c93cd10-bac3-11e9-9f70-1f7bda85a5eb.json
+++ b/packages/aws/kibana/visualization/5c93cd10-bac3-11e9-9f70-1f7bda85a5eb.json
@@ -23,7 +23,7 @@
                 "default_timefield": "@timestamp",
                 "filter": {
                     "language": "lucene",
-                    "query": "stream.dataset:aws.s3access"
+                    "query": "dataset.name:aws.s3access"
                 },
                 "id": "61ca57f0-469d-11e7-af02-69e470af7417",
                 "index_pattern": "logs-*",
diff --git a/packages/kafka/kibana/search/All Kafka logs-ecs.json b/packages/kafka/kibana/search/All Kafka logs-ecs.json
index ada0c5ef49b..b6e37f6279a 100644
--- a/packages/kafka/kibana/search/All Kafka logs-ecs.json	
+++ b/packages/kafka/kibana/search/All Kafka logs-ecs.json	
@@ -21,11 +21,11 @@
                             "key": "query",
                             "negate": false,
                             "type": "custom",
-                            "value": "{\"match_phrase_prefix\":{\"stream.dataset\":{\"query\":\"kafka.\"}}}"
+                            "value": "{\"match_phrase_prefix\":{\"dataset.name\":{\"query\":\"kafka.\"}}}"
                         },
                         "query": {
                             "match_phrase_prefix": {
-                                "stream.dataset": {
+                                "dataset.name": {
                                     "query": "kafka."
                                 }
                             }
diff --git a/packages/mysql/kibana/search/Logs-MySQL-Slow-log-ecs.json b/packages/mysql/kibana/search/Logs-MySQL-Slow-log-ecs.json
index dc57ff877f6..8109517c639 100644
--- a/packages/mysql/kibana/search/Logs-MySQL-Slow-log-ecs.json
+++ b/packages/mysql/kibana/search/Logs-MySQL-Slow-log-ecs.json
@@ -17,7 +17,7 @@
                             "negate": false,
                             "disabled": false,
                             "type": "phrase",
-                            "key": "stream.dataset",
+                            "key": "dataset.name",
                             "params": {
                                 "query": "mysql.slowlog"
                             },
@@ -25,7 +25,7 @@
                         },
                         "query": {
                             "match_phrase": {
-                                "stream.dataset": "mysql.slowlog"
+                                "dataset.name": "mysql.slowlog"
                             }
                         }
                     }
diff --git a/packages/mysql/kibana/search/Logs-MySQL-error-log-ecs.json b/packages/mysql/kibana/search/Logs-MySQL-error-log-ecs.json
index 5cd3a8c1858..43886b7eb26 100644
--- a/packages/mysql/kibana/search/Logs-MySQL-error-log-ecs.json
+++ b/packages/mysql/kibana/search/Logs-MySQL-error-log-ecs.json
@@ -18,7 +18,7 @@
                             "negate": false,
                             "disabled": false,
                             "type": "phrase",
-                            "key": "stream.dataset",
+                            "key": "dataset.name",
                             "params": {
                                 "query": "mysql.error"
                             },
@@ -26,7 +26,7 @@
                         },
                         "query": {
                             "match_phrase": {
-                                "stream.dataset": "mysql.error"
+                                "dataset.name": "mysql.error"
                             }
                         }
                     }
diff --git a/packages/nginx/kibana/search/6d9e66d0-a1f0-11e7-928f-5dbe6f6f5519-ecs.json b/packages/nginx/kibana/search/6d9e66d0-a1f0-11e7-928f-5dbe6f6f5519-ecs.json
index 84f2c64a2a5..7c24775bce8 100644
--- a/packages/nginx/kibana/search/6d9e66d0-a1f0-11e7-928f-5dbe6f6f5519-ecs.json
+++ b/packages/nginx/kibana/search/6d9e66d0-a1f0-11e7-928f-5dbe6f6f5519-ecs.json
@@ -28,7 +28,7 @@
                 "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
                 "query": {
                     "language": "kuery",
-                    "query": "(stream.dataset:nginx.access OR stream.dataset:nginx.error OR stream.dataset:nginx.ingress_controller)  AND url.original:*"
+                    "query": "(dataset.name:nginx.access OR dataset.name:nginx.error OR dataset.name:nginx.ingress_controller)  AND url.original:*"
                 },
                 "version": true
             }
diff --git a/packages/nginx/kibana/search/9eb25600-a1f0-11e7-928f-5dbe6f6f5519-ecs.json b/packages/nginx/kibana/search/9eb25600-a1f0-11e7-928f-5dbe6f6f5519-ecs.json
index 8737c9aa70e..b8da2528f25 100644
--- a/packages/nginx/kibana/search/9eb25600-a1f0-11e7-928f-5dbe6f6f5519-ecs.json
+++ b/packages/nginx/kibana/search/9eb25600-a1f0-11e7-928f-5dbe6f6f5519-ecs.json
@@ -26,7 +26,7 @@
                 "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
                 "query": {
                     "language": "kuery",
-                    "query": "(stream.dataset:nginx.access OR stream.dataset:nginx.error OR stream.dataset:nginx.ingress_controller)  AND message:*"
+                    "query": "(dataset.name:nginx.access OR dataset.name:nginx.error OR dataset.name:nginx.ingress_controller)  AND message:*"
                 },
                 "version": true
             }
diff --git a/packages/nginx/kibana/search/Filebeat-Nginx-module-ecs.json b/packages/nginx/kibana/search/Filebeat-Nginx-module-ecs.json
index 926e707bde5..eda30d581ce 100644
--- a/packages/nginx/kibana/search/Filebeat-Nginx-module-ecs.json
+++ b/packages/nginx/kibana/search/Filebeat-Nginx-module-ecs.json
@@ -29,7 +29,7 @@
                 "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
                 "query": {
                     "language": "kuery",
-                    "query": "(stream.dataset:nginx.access OR stream.dataset:nginx.error OR stream.dataset:nginx.ingress_controller)"
+                    "query": "(dataset.name:nginx.access OR dataset.name:nginx.error OR dataset.name:nginx.ingress_controller)"
                 },
                 "version": true
             }
diff --git a/packages/nginx/kibana/search/Logs-Nginx-integration-ecs.json b/packages/nginx/kibana/search/Logs-Nginx-integration-ecs.json
index 80b35208be5..b2d85c05005 100644
--- a/packages/nginx/kibana/search/Logs-Nginx-integration-ecs.json
+++ b/packages/nginx/kibana/search/Logs-Nginx-integration-ecs.json
@@ -29,7 +29,7 @@
                 "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
                 "query": {
                     "language": "kuery",
-                    "query": "(stream.dataset:nginx.access OR stream.dataset:nginx.error OR stream.dataset:nginx.ingress_controller)"
+                    "query": "(dataset.name:nginx.access OR dataset.name:nginx.error OR dataset.name:nginx.ingress_controller)"
                 },
                 "version": true
             }
diff --git a/packages/nginx/kibana/visualization/0dd6f320-a29f-11e7-928f-5dbe6f6f5519-ecs.json b/packages/nginx/kibana/visualization/0dd6f320-a29f-11e7-928f-5dbe6f6f5519-ecs.json
index 563a60a8912..a161b346bb4 100644
--- a/packages/nginx/kibana/visualization/0dd6f320-a29f-11e7-928f-5dbe6f6f5519-ecs.json
+++ b/packages/nginx/kibana/visualization/0dd6f320-a29f-11e7-928f-5dbe6f6f5519-ecs.json
@@ -14,7 +14,7 @@
                 "axis_position": "left",
                 "filter": {
                     "language": "lucene",
-                    "query": "stream.dataset:nginx.access"
+                    "query": "dataset.name:nginx.access"
                 },
                 "id": "61ca57f0-469d-11e7-af02-69e470af7417",
                 "index_pattern": "logs-*",
diff --git a/packages/nginx/kibana/visualization/1cfb1a80-a1f4-11e7-928f-5dbe6f6f5519-ecs.json b/packages/nginx/kibana/visualization/1cfb1a80-a1f4-11e7-928f-5dbe6f6f5519-ecs.json
index d5cf81c0bf2..38925d1ff7e 100644
--- a/packages/nginx/kibana/visualization/1cfb1a80-a1f4-11e7-928f-5dbe6f6f5519-ecs.json
+++ b/packages/nginx/kibana/visualization/1cfb1a80-a1f4-11e7-928f-5dbe6f6f5519-ecs.json
@@ -30,7 +30,7 @@
                 ],
                 "filter": {
                     "language": "lucene",
-                    "query": "stream.dataset:nginx.access"
+                    "query": "dataset.name:nginx.access"
                 },
                 "id": "61ca57f0-469d-11e7-af02-69e470af7417",
                 "index_pattern": "logs-*",
diff --git a/packages/nginx/kibana/visualization/46322e50-a1f6-11e7-928f-5dbe6f6f5519-ecs.json b/packages/nginx/kibana/visualization/46322e50-a1f6-11e7-928f-5dbe6f6f5519-ecs.json
index 5e8ddfb4267..bc4bb6cd0c1 100644
--- a/packages/nginx/kibana/visualization/46322e50-a1f6-11e7-928f-5dbe6f6f5519-ecs.json
+++ b/packages/nginx/kibana/visualization/46322e50-a1f6-11e7-928f-5dbe6f6f5519-ecs.json
@@ -14,7 +14,7 @@
                 "axis_position": "left",
                 "filter": {
                     "language": "lucene",
-                    "query": "stream.dataset:nginx.error"
+                    "query": "dataset.name:nginx.error"
                 },
                 "id": "61ca57f0-469d-11e7-af02-69e470af7417",
                 "index_pattern": "logs-*",
diff --git a/packages/nginx/kibana/visualization/9184fa00-a1f5-11e7-928f-5dbe6f6f5519-ecs.json b/packages/nginx/kibana/visualization/9184fa00-a1f5-11e7-928f-5dbe6f6f5519-ecs.json
index 43344e25c8e..44ecb945722 100644
--- a/packages/nginx/kibana/visualization/9184fa00-a1f5-11e7-928f-5dbe6f6f5519-ecs.json
+++ b/packages/nginx/kibana/visualization/9184fa00-a1f5-11e7-928f-5dbe6f6f5519-ecs.json
@@ -19,7 +19,7 @@
                 ],
                 "filter": {
                     "language": "lucene",
-                    "query": "stream.dataset:nginx.access"
+                    "query": "dataset.name:nginx.access"
                 },
                 "id": "61ca57f0-469d-11e7-af02-69e470af7417",
                 "index_pattern": "logs-*",
diff --git a/packages/nginx/kibana/visualization/b70b1b20-a1f4-11e7-928f-5dbe6f6f5519-ecs.json b/packages/nginx/kibana/visualization/b70b1b20-a1f4-11e7-928f-5dbe6f6f5519-ecs.json
index e18fa0def39..28a4c156891 100644
--- a/packages/nginx/kibana/visualization/b70b1b20-a1f4-11e7-928f-5dbe6f6f5519-ecs.json
+++ b/packages/nginx/kibana/visualization/b70b1b20-a1f4-11e7-928f-5dbe6f6f5519-ecs.json
@@ -14,7 +14,7 @@
                 "axis_position": "left",
                 "filter": {
                     "language": "lucene",
-                    "query": "stream.dataset:nginx.access"
+                    "query": "dataset.name:nginx.access"
                 },
                 "id": "61ca57f0-469d-11e7-af02-69e470af7417",
                 "index_pattern": "logs-*",
diff --git a/packages/redis/kibana/search/0ab87b80-478e-11e7-b1f0-cb29bac6bf8b-ecs.json b/packages/redis/kibana/search/0ab87b80-478e-11e7-b1f0-cb29bac6bf8b-ecs.json
index 039d7f6babf..6576c8ab408 100644
--- a/packages/redis/kibana/search/0ab87b80-478e-11e7-b1f0-cb29bac6bf8b-ecs.json
+++ b/packages/redis/kibana/search/0ab87b80-478e-11e7-b1f0-cb29bac6bf8b-ecs.json
@@ -15,7 +15,7 @@
                 "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
                 "query": {
                     "language": "kuery",
-                    "query": "stream.dataset:redis.slowlog"
+                    "query": "dataset.name:redis.slowlog"
                 },
                 "version": true
             }
diff --git a/packages/redis/kibana/search/73613570-4791-11e7-be88-2ddb32f3df97-ecs.json b/packages/redis/kibana/search/73613570-4791-11e7-be88-2ddb32f3df97-ecs.json
index 039a83f8202..4c541f86964 100644
--- a/packages/redis/kibana/search/73613570-4791-11e7-be88-2ddb32f3df97-ecs.json
+++ b/packages/redis/kibana/search/73613570-4791-11e7-be88-2ddb32f3df97-ecs.json
@@ -20,7 +20,7 @@
                             "negate": false,
                             "disabled": false,
                             "type": "phrase",
-                            "key": "stream.dataset",
+                            "key": "dataset.name",
                             "params": {
                                 "query": "redis.log"
                             },
@@ -28,7 +28,7 @@
                         },
                         "query": {
                             "match_phrase": {
-                                "stream.dataset": "redis.log"
+                                "dataset.name": "redis.log"
                             }
                         }
                     }
diff --git a/packages/redis/kibana/search/Metrics-Redis-ecs.json b/packages/redis/kibana/search/Metrics-Redis-ecs.json
index 0f3243d073b..3f53b3ce90d 100644
--- a/packages/redis/kibana/search/Metrics-Redis-ecs.json
+++ b/packages/redis/kibana/search/Metrics-Redis-ecs.json
@@ -24,7 +24,7 @@
                 "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
                 "query": {
                     "language": "kuery",
-                    "query": "(stream.dataset:redis.info OR stream.dataset:redis.key OR stream.dataset:redis.keyspace)"
+                    "query": "(dataset.name:redis.info OR dataset.name:redis.key OR dataset.name:redis.keyspace)"
                 }
             }
         },
diff --git a/packages/redis/kibana/visualization/78b9afe0-478f-11e7-b1f0-cb29bac6bf8b-ecs.json b/packages/redis/kibana/visualization/78b9afe0-478f-11e7-b1f0-cb29bac6bf8b-ecs.json
index bb4c973db74..b51940f5f54 100644
--- a/packages/redis/kibana/visualization/78b9afe0-478f-11e7-b1f0-cb29bac6bf8b-ecs.json
+++ b/packages/redis/kibana/visualization/78b9afe0-478f-11e7-b1f0-cb29bac6bf8b-ecs.json
@@ -8,7 +8,7 @@
                 "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
                 "query": {
                     "language": "kuery",
-                    "query": "stream.dataset:redis.log"
+                    "query": "dataset.name:redis.log"
                 },
                 "version": true
             }
diff --git a/packages/redis/kibana/visualization/d2864600-478f-11e7-be88-2ddb32f3df97-ecs.json b/packages/redis/kibana/visualization/d2864600-478f-11e7-be88-2ddb32f3df97-ecs.json
index 62cebc5c7af..d48f37475ee 100644
--- a/packages/redis/kibana/visualization/d2864600-478f-11e7-be88-2ddb32f3df97-ecs.json
+++ b/packages/redis/kibana/visualization/d2864600-478f-11e7-be88-2ddb32f3df97-ecs.json
@@ -8,7 +8,7 @@
                 "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
                 "query": {
                     "language": "kuery",
-                    "query": "stream.dataset:redis.log"
+                    "query": "dataset.name:redis.log"
                 },
                 "version": true
             }
diff --git a/packages/system/kibana/search/62439dc0-f9c9-11e6-a747-6121780e0414-ecs.json b/packages/system/kibana/search/62439dc0-f9c9-11e6-a747-6121780e0414-ecs.json
index a37c0083ea7..7068b0dd8c0 100644
--- a/packages/system/kibana/search/62439dc0-f9c9-11e6-a747-6121780e0414-ecs.json
+++ b/packages/system/kibana/search/62439dc0-f9c9-11e6-a747-6121780e0414-ecs.json
@@ -16,7 +16,7 @@
                 "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
                 "query": {
                     "language": "kuery",
-                    "query": "stream.dataset:system.auth AND system.auth.ssh.event:*"
+                    "query": "dataset.name:system.auth AND system.auth.ssh.event:*"
                 }
             }
         },
diff --git a/packages/system/kibana/search/Syslog-system-logs-ecs.json b/packages/system/kibana/search/Syslog-system-logs-ecs.json
index f3b7e475a45..ae22bd37c5d 100644
--- a/packages/system/kibana/search/Syslog-system-logs-ecs.json
+++ b/packages/system/kibana/search/Syslog-system-logs-ecs.json
@@ -27,7 +27,7 @@
                 "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
                 "query": {
                     "language": "kuery",
-                    "query": "stream.dataset:system.syslog"
+                    "query": "dataset.name:system.syslog"
                 }
             }
         },

From eb92acb382190020c7c97d8d1fd9a92f707dfb2a Mon Sep 17 00:00:00 2001
From: ruflin <spam@ruflin.com>
Date: Tue, 9 Jun 2020 15:48:55 +0200
Subject: [PATCH 3/4] update kibana.go and remove stream fields completely

---
 dev/import-beats/kibana.go                      | 12 ++++++------
 .../aws/dataset/billing/fields/base-fields.yml  | 17 -----------------
 .../dataset/cloudtrail/fields/base-fields.yml   | 17 -----------------
 .../cloudwatch-logs/fields/base-fields.yml      | 17 -----------------
 .../cloudwatch-metrics/fields/base-fields.yml   | 17 -----------------
 .../aws/dataset/dynamodb/fields/base-fields.yml | 17 -----------------
 packages/aws/dataset/ebs/fields/base-fields.yml | 17 -----------------
 .../aws/dataset/ec2-logs/fields/base-fields.yml | 17 -----------------
 .../dataset/ec2-metrics/fields/base-fields.yml  | 17 -----------------
 .../aws/dataset/elb-logs/fields/base-fields.yml | 17 -----------------
 .../dataset/elb-metrics/fields/base-fields.yml  | 17 -----------------
 .../aws/dataset/lambda/fields/base-fields.yml   | 17 -----------------
 .../dataset/natgateway/fields/base-fields.yml   | 17 -----------------
 packages/aws/dataset/rds/fields/base-fields.yml | 17 -----------------
 .../s3_daily_storage/fields/base-fields.yml     | 17 -----------------
 .../dataset/s3_request/fields/base-fields.yml   | 17 -----------------
 .../aws/dataset/s3access/fields/base-fields.yml | 17 -----------------
 packages/aws/dataset/sns/fields/base-fields.yml | 17 -----------------
 packages/aws/dataset/sqs/fields/base-fields.yml | 17 -----------------
 .../transitgateway/fields/base-fields.yml       | 17 -----------------
 .../aws/dataset/usage/fields/base-fields.yml    | 17 -----------------
 .../aws/dataset/vpcflow/fields/base-fields.yml  | 17 -----------------
 packages/aws/dataset/vpn/fields/base-fields.yml | 17 -----------------
 .../cisco/dataset/asa/fields/base-fields.yml    | 17 -----------------
 .../cisco/dataset/ftd/fields/base-fields.yml    | 17 -----------------
 .../cisco/dataset/ios/fields/base-fields.yml    | 17 -----------------
 .../kafka/dataset/broker/fields/base-fields.yml | 17 -----------------
 .../consumergroup/fields/base-fields.yml        | 17 -----------------
 .../kafka/dataset/log/fields/base-fields.yml    | 17 -----------------
 .../dataset/partition/fields/base-fields.yml    | 17 -----------------
 packages/log/dataset/log/fields/base-fields.yml | 17 -----------------
 .../mysql/dataset/error/fields/base-fields.yml  | 17 -----------------
 .../galera_status/fields/base-fields.yml        | 17 -----------------
 .../dataset/slowlog/fields/base-fields.yml      | 17 -----------------
 .../mysql/dataset/status/fields/base-fields.yml | 17 -----------------
 .../netflow/dataset/log/fields/base-fields.yml  | 17 -----------------
 .../nginx/dataset/access/fields/base-fields.yml | 17 -----------------
 .../nginx/dataset/error/fields/base-fields.yml  | 17 -----------------
 .../ingress_controller/fields/base-fields.yml   | 17 -----------------
 .../dataset/stubstatus/fields/base-fields.yml   | 17 -----------------
 .../redis/dataset/info/fields/base-fields.yml   | 17 -----------------
 .../redis/dataset/key/fields/base-fields.yml    | 17 -----------------
 .../dataset/keyspace/fields/base-fields.yml     | 17 -----------------
 .../redis/dataset/log/fields/base-fields.yml    | 17 -----------------
 .../dataset/slowlog/fields/base-fields.yml      | 17 -----------------
 .../system/dataset/auth/fields/base-fields.yml  | 17 -----------------
 .../system/dataset/core/fields/base-fields.yml  | 17 -----------------
 .../system/dataset/cpu/fields/base-fields.yml   | 17 -----------------
 .../dataset/diskio/fields/base-fields.yml       | 17 -----------------
 .../dataset/entropy/fields/base-fields.yml      | 17 -----------------
 .../dataset/filesystem/fields/base-fields.yml   | 17 -----------------
 .../dataset/fsstat/fields/base-fields.yml       | 17 -----------------
 .../system/dataset/load/fields/base-fields.yml  | 17 -----------------
 .../dataset/memory/fields/base-fields.yml       | 17 -----------------
 .../dataset/network/fields/base-fields.yml      | 17 -----------------
 .../network_summary/fields/base-fields.yml      | 17 -----------------
 .../dataset/process/fields/base-fields.yml      | 17 -----------------
 .../process_summary/fields/base-fields.yml      | 17 -----------------
 .../system/dataset/raid/fields/base-fields.yml  | 17 -----------------
 .../dataset/service/fields/base-fields.yml      | 17 -----------------
 .../dataset/socket/fields/base-fields.yml       | 17 -----------------
 .../socket_summary/fields/base-fields.yml       | 17 -----------------
 .../dataset/syslog/fields/base-fields.yml       | 17 -----------------
 .../dataset/uptime/fields/base-fields.yml       | 17 -----------------
 .../system/dataset/users/fields/base-fields.yml | 17 -----------------
 65 files changed, 6 insertions(+), 1094 deletions(-)

diff --git a/dev/import-beats/kibana.go b/dev/import-beats/kibana.go
index 7ce829aebf2..b257b9ae484 100644
--- a/dev/import-beats/kibana.go
+++ b/dev/import-beats/kibana.go
@@ -355,7 +355,7 @@ func stripReferencesToEventModuleInFilter(object mapStr, filterKey, moduleName s
 				return nil, errors.Wrapf(err, "setting meta.type failed")
 			}
 
-			_, err = filterObject.put("meta.value", fmt.Sprintf("{\"prefix\":{\"stream.dataset\":\"%s.\"}}", moduleName))
+			_, err = filterObject.put("meta.value", fmt.Sprintf("{\"prefix\":{\"dataset.name\":\"%s.\"}}", moduleName))
 			if err != nil {
 				return nil, errors.Wrapf(err, "setting meta.value failed")
 			}
@@ -367,7 +367,7 @@ func stripReferencesToEventModuleInFilter(object mapStr, filterKey, moduleName s
 
 			q := map[string]interface{}{
 				"prefix": map[string]interface{}{
-					"stream.dataset": moduleName + ".",
+					"dataset.name": moduleName + ".",
 				},
 			}
 			_, err = filterObject.put("query", q)
@@ -414,8 +414,8 @@ func stripReferencesToEventModuleInQuery(object mapStr, objectKey, moduleName st
 	query = strings.ReplaceAll(query, `"`, "")
 	if strings.Contains(query, "event.module:"+moduleName) && (strings.Contains(query, "metricset.name:") || strings.Contains(query, "fileset.name:")) {
 		query = strings.ReplaceAll(query, "event.module:"+moduleName, "")
-		query = strings.ReplaceAll(query, "metricset.name:", fmt.Sprintf("stream.dataset:%s.", moduleName))
-		query = strings.ReplaceAll(query, "fileset.name:", fmt.Sprintf("stream.dataset:%s.", moduleName))
+		query = strings.ReplaceAll(query, "metricset.name:", fmt.Sprintf("dataset.name:%s.", moduleName))
+		query = strings.ReplaceAll(query, "fileset.name:", fmt.Sprintf("dataset.name:%s.", moduleName))
 		query = strings.TrimSpace(query)
 		if strings.HasPrefix(query, "AND ") {
 			query = query[4:]
@@ -428,7 +428,7 @@ func stripReferencesToEventModuleInQuery(object mapStr, objectKey, moduleName st
 	} else if strings.Contains(query, "event.module:"+moduleName) {
 		var eventDatasets []string
 		for _, datasetName := range datasetNames {
-			eventDatasets = append(eventDatasets, fmt.Sprintf("stream.dataset:%s.%s", moduleName, datasetName))
+			eventDatasets = append(eventDatasets, fmt.Sprintf("dataset.name:%s.%s", moduleName, datasetName))
 		}
 
 		value := " (" + strings.Join(eventDatasets, " OR ") + ") "
@@ -449,7 +449,7 @@ func stripReferencesToEventModuleInQuery(object mapStr, objectKey, moduleName st
 }
 
 func replaceFieldEventDatasetWithStreamDataset(data []byte) []byte {
-	return bytes.ReplaceAll(data, []byte("event.dataset"), []byte("stream.dataset"))
+	return bytes.ReplaceAll(data, []byte("event.dataset"), []byte("dataset.name"))
 }
 
 func replaceBlacklistedWords(data []byte) []byte {
diff --git a/packages/aws/dataset/billing/fields/base-fields.yml b/packages/aws/dataset/billing/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/aws/dataset/billing/fields/base-fields.yml
+++ b/packages/aws/dataset/billing/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/aws/dataset/cloudtrail/fields/base-fields.yml b/packages/aws/dataset/cloudtrail/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/aws/dataset/cloudtrail/fields/base-fields.yml
+++ b/packages/aws/dataset/cloudtrail/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/aws/dataset/cloudwatch-logs/fields/base-fields.yml b/packages/aws/dataset/cloudwatch-logs/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/aws/dataset/cloudwatch-logs/fields/base-fields.yml
+++ b/packages/aws/dataset/cloudwatch-logs/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/aws/dataset/cloudwatch-metrics/fields/base-fields.yml b/packages/aws/dataset/cloudwatch-metrics/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/aws/dataset/cloudwatch-metrics/fields/base-fields.yml
+++ b/packages/aws/dataset/cloudwatch-metrics/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/aws/dataset/dynamodb/fields/base-fields.yml b/packages/aws/dataset/dynamodb/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/aws/dataset/dynamodb/fields/base-fields.yml
+++ b/packages/aws/dataset/dynamodb/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/aws/dataset/ebs/fields/base-fields.yml b/packages/aws/dataset/ebs/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/aws/dataset/ebs/fields/base-fields.yml
+++ b/packages/aws/dataset/ebs/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/aws/dataset/ec2-logs/fields/base-fields.yml b/packages/aws/dataset/ec2-logs/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/aws/dataset/ec2-logs/fields/base-fields.yml
+++ b/packages/aws/dataset/ec2-logs/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/aws/dataset/ec2-metrics/fields/base-fields.yml b/packages/aws/dataset/ec2-metrics/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/aws/dataset/ec2-metrics/fields/base-fields.yml
+++ b/packages/aws/dataset/ec2-metrics/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/aws/dataset/elb-logs/fields/base-fields.yml b/packages/aws/dataset/elb-logs/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/aws/dataset/elb-logs/fields/base-fields.yml
+++ b/packages/aws/dataset/elb-logs/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/aws/dataset/elb-metrics/fields/base-fields.yml b/packages/aws/dataset/elb-metrics/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/aws/dataset/elb-metrics/fields/base-fields.yml
+++ b/packages/aws/dataset/elb-metrics/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/aws/dataset/lambda/fields/base-fields.yml b/packages/aws/dataset/lambda/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/aws/dataset/lambda/fields/base-fields.yml
+++ b/packages/aws/dataset/lambda/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/aws/dataset/natgateway/fields/base-fields.yml b/packages/aws/dataset/natgateway/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/aws/dataset/natgateway/fields/base-fields.yml
+++ b/packages/aws/dataset/natgateway/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/aws/dataset/rds/fields/base-fields.yml b/packages/aws/dataset/rds/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/aws/dataset/rds/fields/base-fields.yml
+++ b/packages/aws/dataset/rds/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/aws/dataset/s3_daily_storage/fields/base-fields.yml b/packages/aws/dataset/s3_daily_storage/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/aws/dataset/s3_daily_storage/fields/base-fields.yml
+++ b/packages/aws/dataset/s3_daily_storage/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/aws/dataset/s3_request/fields/base-fields.yml b/packages/aws/dataset/s3_request/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/aws/dataset/s3_request/fields/base-fields.yml
+++ b/packages/aws/dataset/s3_request/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/aws/dataset/s3access/fields/base-fields.yml b/packages/aws/dataset/s3access/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/aws/dataset/s3access/fields/base-fields.yml
+++ b/packages/aws/dataset/s3access/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/aws/dataset/sns/fields/base-fields.yml b/packages/aws/dataset/sns/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/aws/dataset/sns/fields/base-fields.yml
+++ b/packages/aws/dataset/sns/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/aws/dataset/sqs/fields/base-fields.yml b/packages/aws/dataset/sqs/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/aws/dataset/sqs/fields/base-fields.yml
+++ b/packages/aws/dataset/sqs/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/aws/dataset/transitgateway/fields/base-fields.yml b/packages/aws/dataset/transitgateway/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/aws/dataset/transitgateway/fields/base-fields.yml
+++ b/packages/aws/dataset/transitgateway/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/aws/dataset/usage/fields/base-fields.yml b/packages/aws/dataset/usage/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/aws/dataset/usage/fields/base-fields.yml
+++ b/packages/aws/dataset/usage/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/aws/dataset/vpcflow/fields/base-fields.yml b/packages/aws/dataset/vpcflow/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/aws/dataset/vpcflow/fields/base-fields.yml
+++ b/packages/aws/dataset/vpcflow/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/aws/dataset/vpn/fields/base-fields.yml b/packages/aws/dataset/vpn/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/aws/dataset/vpn/fields/base-fields.yml
+++ b/packages/aws/dataset/vpn/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/cisco/dataset/asa/fields/base-fields.yml b/packages/cisco/dataset/asa/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/cisco/dataset/asa/fields/base-fields.yml
+++ b/packages/cisco/dataset/asa/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/cisco/dataset/ftd/fields/base-fields.yml b/packages/cisco/dataset/ftd/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/cisco/dataset/ftd/fields/base-fields.yml
+++ b/packages/cisco/dataset/ftd/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/cisco/dataset/ios/fields/base-fields.yml b/packages/cisco/dataset/ios/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/cisco/dataset/ios/fields/base-fields.yml
+++ b/packages/cisco/dataset/ios/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/kafka/dataset/broker/fields/base-fields.yml b/packages/kafka/dataset/broker/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/kafka/dataset/broker/fields/base-fields.yml
+++ b/packages/kafka/dataset/broker/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/kafka/dataset/consumergroup/fields/base-fields.yml b/packages/kafka/dataset/consumergroup/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/kafka/dataset/consumergroup/fields/base-fields.yml
+++ b/packages/kafka/dataset/consumergroup/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/kafka/dataset/log/fields/base-fields.yml b/packages/kafka/dataset/log/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/kafka/dataset/log/fields/base-fields.yml
+++ b/packages/kafka/dataset/log/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/kafka/dataset/partition/fields/base-fields.yml b/packages/kafka/dataset/partition/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/kafka/dataset/partition/fields/base-fields.yml
+++ b/packages/kafka/dataset/partition/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/log/dataset/log/fields/base-fields.yml b/packages/log/dataset/log/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/log/dataset/log/fields/base-fields.yml
+++ b/packages/log/dataset/log/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/mysql/dataset/error/fields/base-fields.yml b/packages/mysql/dataset/error/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/mysql/dataset/error/fields/base-fields.yml
+++ b/packages/mysql/dataset/error/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/mysql/dataset/galera_status/fields/base-fields.yml b/packages/mysql/dataset/galera_status/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/mysql/dataset/galera_status/fields/base-fields.yml
+++ b/packages/mysql/dataset/galera_status/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/mysql/dataset/slowlog/fields/base-fields.yml b/packages/mysql/dataset/slowlog/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/mysql/dataset/slowlog/fields/base-fields.yml
+++ b/packages/mysql/dataset/slowlog/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/mysql/dataset/status/fields/base-fields.yml b/packages/mysql/dataset/status/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/mysql/dataset/status/fields/base-fields.yml
+++ b/packages/mysql/dataset/status/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/netflow/dataset/log/fields/base-fields.yml b/packages/netflow/dataset/log/fields/base-fields.yml
index 0f8ba01ffeb..d2792ff8fdf 100644
--- a/packages/netflow/dataset/log/fields/base-fields.yml
+++ b/packages/netflow/dataset/log/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/nginx/dataset/access/fields/base-fields.yml b/packages/nginx/dataset/access/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/nginx/dataset/access/fields/base-fields.yml
+++ b/packages/nginx/dataset/access/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/nginx/dataset/error/fields/base-fields.yml b/packages/nginx/dataset/error/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/nginx/dataset/error/fields/base-fields.yml
+++ b/packages/nginx/dataset/error/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/nginx/dataset/ingress_controller/fields/base-fields.yml b/packages/nginx/dataset/ingress_controller/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/nginx/dataset/ingress_controller/fields/base-fields.yml
+++ b/packages/nginx/dataset/ingress_controller/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/nginx/dataset/stubstatus/fields/base-fields.yml b/packages/nginx/dataset/stubstatus/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/nginx/dataset/stubstatus/fields/base-fields.yml
+++ b/packages/nginx/dataset/stubstatus/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/redis/dataset/info/fields/base-fields.yml b/packages/redis/dataset/info/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/redis/dataset/info/fields/base-fields.yml
+++ b/packages/redis/dataset/info/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/redis/dataset/key/fields/base-fields.yml b/packages/redis/dataset/key/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/redis/dataset/key/fields/base-fields.yml
+++ b/packages/redis/dataset/key/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/redis/dataset/keyspace/fields/base-fields.yml b/packages/redis/dataset/keyspace/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/redis/dataset/keyspace/fields/base-fields.yml
+++ b/packages/redis/dataset/keyspace/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/redis/dataset/log/fields/base-fields.yml b/packages/redis/dataset/log/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/redis/dataset/log/fields/base-fields.yml
+++ b/packages/redis/dataset/log/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/redis/dataset/slowlog/fields/base-fields.yml b/packages/redis/dataset/slowlog/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/redis/dataset/slowlog/fields/base-fields.yml
+++ b/packages/redis/dataset/slowlog/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/system/dataset/auth/fields/base-fields.yml b/packages/system/dataset/auth/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/system/dataset/auth/fields/base-fields.yml
+++ b/packages/system/dataset/auth/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/system/dataset/core/fields/base-fields.yml b/packages/system/dataset/core/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/system/dataset/core/fields/base-fields.yml
+++ b/packages/system/dataset/core/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/system/dataset/cpu/fields/base-fields.yml b/packages/system/dataset/cpu/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/system/dataset/cpu/fields/base-fields.yml
+++ b/packages/system/dataset/cpu/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/system/dataset/diskio/fields/base-fields.yml b/packages/system/dataset/diskio/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/system/dataset/diskio/fields/base-fields.yml
+++ b/packages/system/dataset/diskio/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/system/dataset/entropy/fields/base-fields.yml b/packages/system/dataset/entropy/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/system/dataset/entropy/fields/base-fields.yml
+++ b/packages/system/dataset/entropy/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/system/dataset/filesystem/fields/base-fields.yml b/packages/system/dataset/filesystem/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/system/dataset/filesystem/fields/base-fields.yml
+++ b/packages/system/dataset/filesystem/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/system/dataset/fsstat/fields/base-fields.yml b/packages/system/dataset/fsstat/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/system/dataset/fsstat/fields/base-fields.yml
+++ b/packages/system/dataset/fsstat/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/system/dataset/load/fields/base-fields.yml b/packages/system/dataset/load/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/system/dataset/load/fields/base-fields.yml
+++ b/packages/system/dataset/load/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/system/dataset/memory/fields/base-fields.yml b/packages/system/dataset/memory/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/system/dataset/memory/fields/base-fields.yml
+++ b/packages/system/dataset/memory/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/system/dataset/network/fields/base-fields.yml b/packages/system/dataset/network/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/system/dataset/network/fields/base-fields.yml
+++ b/packages/system/dataset/network/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/system/dataset/network_summary/fields/base-fields.yml b/packages/system/dataset/network_summary/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/system/dataset/network_summary/fields/base-fields.yml
+++ b/packages/system/dataset/network_summary/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/system/dataset/process/fields/base-fields.yml b/packages/system/dataset/process/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/system/dataset/process/fields/base-fields.yml
+++ b/packages/system/dataset/process/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/system/dataset/process_summary/fields/base-fields.yml b/packages/system/dataset/process_summary/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/system/dataset/process_summary/fields/base-fields.yml
+++ b/packages/system/dataset/process_summary/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/system/dataset/raid/fields/base-fields.yml b/packages/system/dataset/raid/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/system/dataset/raid/fields/base-fields.yml
+++ b/packages/system/dataset/raid/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/system/dataset/service/fields/base-fields.yml b/packages/system/dataset/service/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/system/dataset/service/fields/base-fields.yml
+++ b/packages/system/dataset/service/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/system/dataset/socket/fields/base-fields.yml b/packages/system/dataset/socket/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/system/dataset/socket/fields/base-fields.yml
+++ b/packages/system/dataset/socket/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/system/dataset/socket_summary/fields/base-fields.yml b/packages/system/dataset/socket_summary/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/system/dataset/socket_summary/fields/base-fields.yml
+++ b/packages/system/dataset/socket_summary/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/system/dataset/syslog/fields/base-fields.yml b/packages/system/dataset/syslog/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/system/dataset/syslog/fields/base-fields.yml
+++ b/packages/system/dataset/syslog/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/system/dataset/uptime/fields/base-fields.yml b/packages/system/dataset/uptime/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/system/dataset/uptime/fields/base-fields.yml
+++ b/packages/system/dataset/uptime/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >
diff --git a/packages/system/dataset/users/fields/base-fields.yml b/packages/system/dataset/users/fields/base-fields.yml
index 5a6e3c1d08c..932b03ae6b9 100644
--- a/packages/system/dataset/users/fields/base-fields.yml
+++ b/packages/system/dataset/users/fields/base-fields.yml
@@ -1,20 +1,3 @@
-- name: stream.type
-  type: constant_keyword
-  description: >
-    Stream type
-- name: stream.dataset
-  type: constant_keyword
-  description: >
-    Stream dataset.
-- name: stream.namespace
-  type: constant_keyword
-  description: >
-    Stream namespace.
-- name: "@timestamp"
-  type: date
-  description: >
-    Event timestamp.
-
 - name: dataset.type
   type: constant_keyword
   description: >

From bf1c4dad89efc12692f2fee487af344fa005369d Mon Sep 17 00:00:00 2001
From: ruflin <spam@ruflin.com>
Date: Tue, 9 Jun 2020 16:07:47 +0200
Subject: [PATCH 4/4] update registry dependency

---
 go.mod             | 2 +-
 go.sum             | 4 ++--
 vendor/modules.txt | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/go.mod b/go.mod
index 8f0c744960f..dfc02fb1edb 100644
--- a/go.mod
+++ b/go.mod
@@ -4,7 +4,7 @@ go 1.12
 
 require (
 	github.com/blang/semver v3.5.1+incompatible
-	github.com/elastic/package-registry v0.4.1-0.20200604092407-21cd9e458fcf
+	github.com/elastic/package-registry v0.4.1-0.20200609082938-e56da291a24e
 	github.com/magefile/mage v1.9.0
 	github.com/pkg/errors v0.9.1
 	gopkg.in/yaml.v2 v2.3.0
diff --git a/go.sum b/go.sum
index 5cde2c2c816..8866cf6d384 100644
--- a/go.sum
+++ b/go.sum
@@ -6,8 +6,8 @@ github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/elastic/go-ucfg v0.8.4-0.20200415140258-1232bd4774a6 h1:Ehbr7du4rSSEypR8zePr0XRbMhO4PJgcHC9f8fDbgAg=
 github.com/elastic/go-ucfg v0.8.4-0.20200415140258-1232bd4774a6/go.mod h1:iaiY0NBIYeasNgycLyTvhJftQlQEUO2hpF+FX0JKxzo=
-github.com/elastic/package-registry v0.4.1-0.20200604092407-21cd9e458fcf h1:ppkJJKf9guPKNRK4BEm97a0lwlhXaFQAWFfKAm94iw8=
-github.com/elastic/package-registry v0.4.1-0.20200604092407-21cd9e458fcf/go.mod h1:na9XU9OeCK7NOcsrpKxtKHgXdysHUJpq4Dam7EgvpyE=
+github.com/elastic/package-registry v0.4.1-0.20200609082938-e56da291a24e h1:XKn6lil8hTPTf5IFAVpwDQGWeWhzNljr6sfOppiFZZ4=
+github.com/elastic/package-registry v0.4.1-0.20200609082938-e56da291a24e/go.mod h1:na9XU9OeCK7NOcsrpKxtKHgXdysHUJpq4Dam7EgvpyE=
 github.com/gorilla/mux v1.7.4 h1:VuZ8uybHlWmqV03+zRzdwKL4tUnIp1MAQtp1mIFE1bc=
 github.com/gorilla/mux v1.7.4/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
 github.com/joeshaw/multierror v0.0.0-20140124173710-69b34d4ec901 h1:rp+c0RAYOWj8l6qbCUTSiRLG/iKnW3K3/QfPPuSsBt4=
diff --git a/vendor/modules.txt b/vendor/modules.txt
index e7f2481e9ae..29c46376a18 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -9,7 +9,7 @@ github.com/blang/semver
 github.com/elastic/go-ucfg
 github.com/elastic/go-ucfg/parse
 github.com/elastic/go-ucfg/yaml
-# github.com/elastic/package-registry v0.4.1-0.20200604092407-21cd9e458fcf
+# github.com/elastic/package-registry v0.4.1-0.20200609082938-e56da291a24e
 github.com/elastic/package-registry/util
 # github.com/magefile/mage v1.9.0
 github.com/magefile/mage/mg