[GCP] Add GCP Billing Metricset (#2141)

This commit has been changed to remove changes to README included in
 #2141 to allow documentation changes from #2842

Changes to  packages/gcp/data_stream/audit/manifest.yml has been removed
too.

Author: legoguy1000

packages/gcp/changelog.yml

@@ -39,6 +39,9 @@
     - description: Add 8.0.0 version constraint
       type: enhancement
       link: https://github.com/elastic/integrations/pull/2251
+    - description: Add GCP Billing Metricset
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/2141
 - version: "1.1.2"
   changes:
     - description: Update Title and Description.

packages/gcp/data_stream/billing/agent/stream/stream.yml.hbs

@@ -0,0 +1,12 @@
+metricsets: ["billing"]
+period: {{period}}
+project_id: {{project_id}}
+{{#if credentials_file}}
+credentials_file: {{credentials_file}}
+{{/if}}
+{{#if credentials_json}}
+credentials_json: {{credentials_json}}
+{{/if}}
+dataset_id: {{dataset_id}}
+table_pattern: {{table_pattern}}
+cost_type: {{cost_type}}

packages/gcp/data_stream/billing/fields/agent.yml

@@ -0,0 +1,198 @@
+- name: cloud
+  title: Cloud
+  group: 2
+  description: Fields related to the cloud or infrastructure the events are coming from.
+  footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.'
+  type: group
+  fields:
+    - name: account.id
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment.
+
+        Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.'
+      example: 666777888999
+    - name: availability_zone
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      description: Availability zone in which this host is running.
+      example: us-east-1c
+    - name: instance.id
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      description: Instance ID of the host machine.
+      example: i-1234567890abcdef0
+    - name: instance.name
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      description: Instance name of the host machine.
+    - name: machine.type
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      description: Machine type of the host machine.
+      example: t2.medium
+    - name: provider
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
+      example: aws
+    - name: region
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      description: Region in which this host is running.
+      example: us-east-1
+    - name: project.id
+      type: keyword
+      description: Name of the project in Google Cloud.
+    - name: image.id
+      type: keyword
+      description: Image ID for the cloud instance.
+- name: container
+  title: Container
+  group: 2
+  description: 'Container fields are used for meta information about the specific container that is the source of information.
+
+    These fields help correlate data based containers from any runtime.'
+  type: group
+  fields:
+    - name: id
+      level: core
+      type: keyword
+      ignore_above: 1024
+      description: Unique container id.
+    - name: image.name
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      description: Name of the image the container was built on.
+    - name: labels
+      level: extended
+      type: object
+      object_type: keyword
+      description: Image labels.
+    - name: name
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      description: Container name.
+- name: host
+  title: Host
+  group: 2
+  description: 'A host is defined as a general computing instance.
+
+    ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.'
+  type: group
+  fields:
+    - name: architecture
+      level: core
+      type: keyword
+      ignore_above: 1024
+      description: Operating system architecture.
+      example: x86_64
+    - name: domain
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      description: 'Name of the domain of which the host is a member.
+
+        For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.'
+      example: CONTOSO
+      default_field: false
+    - name: hostname
+      level: core
+      type: keyword
+      ignore_above: 1024
+      description: 'Hostname of the host.
+
+        It normally contains what the `hostname` command returns on the host machine.'
+    - name: id
+      level: core
+      type: keyword
+      ignore_above: 1024
+      description: 'Unique host id.
+
+        As hostname is not always unique, use values that are meaningful in your environment.
+
+        Example: The current usage of `beat.name`.'
+    - name: ip
+      level: core
+      type: ip
+      description: Host ip addresses.
+    - name: mac
+      level: core
+      type: keyword
+      ignore_above: 1024
+      description: Host mac addresses.
+    - name: name
+      level: core
+      type: keyword
+      ignore_above: 1024
+      description: 'Name of the host.
+
+        It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.'
+    - name: os.family
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      description: OS family (such as redhat, debian, freebsd, windows).
+      example: debian
+    - name: os.kernel
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      description: Operating system kernel version as a raw string.
+      example: 4.4.0-112-generic
+    - name: os.name
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      multi_fields:
+        - name: text
+          type: text
+          norms: false
+          default_field: false
+      description: Operating system name, without the version.
+      example: Mac OS X
+    - name: os.platform
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      description: Operating system platform (such centos, ubuntu, windows).
+      example: darwin
+    - name: os.version
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      description: Operating system version as a raw string.
+      example: 10.14.1
+    - name: type
+      level: core
+      type: keyword
+      ignore_above: 1024
+      description: 'Type of host.
+
+        For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment.'
+    - name: containerized
+      type: boolean
+      description: >
+        If the host is a container.
+
+    - name: os.build
+      type: keyword
+      example: "18D109"
+      description: >
+        OS build information.
+
+    - name: os.codename
+      type: keyword
+      example: "stretch"
+      description: >
+        OS codename, if any.
+

packages/gcp/data_stream/billing/fields/base-fields.yml

@@ -0,0 +1,20 @@
+- name: data_stream.type
+  type: constant_keyword
+  description: Data stream type.
+- name: data_stream.dataset
+  type: constant_keyword
+  description: Data stream dataset.
+- name: data_stream.namespace
+  type: constant_keyword
+  description: Data stream namespace.
+- name: '@timestamp'
+  type: date
+  description: Event timestamp.
+- name: event.module
+  type: constant_keyword
+  description: Event module
+  value: gcp
+- name: event.dataset
+  type: constant_keyword
+  description: Event dataset
+  value: gcp.billing

packages/gcp/data_stream/billing/fields/ecs.yml

@@ -0,0 +1,24 @@
+- external: ecs
+  name: cloud
+- external: ecs
+  name: cloud.account.id
+- external: ecs
+  name: cloud.account.name
+- external: ecs
+  name: cloud.availability_zone
+- external: ecs
+  name: cloud.instance.id
+- external: ecs
+  name: cloud.machine.type
+- external: ecs
+  name: cloud.provider
+- external: ecs
+  name: cloud.region
+- external: ecs
+  name: ecs.version
+- external: ecs
+  name: error
+- external: ecs
+  name: error.message
+- external: ecs
+  name: service.type

packages/gcp/data_stream/billing/fields/fields.yml

@@ -0,0 +1,22 @@
+- name: gcp.billing
+  type: group
+  description: Google Cloud Billing metrics
+  fields:
+    - name: cost_type
+      type: keyword
+      description: Cost types include regular, tax, adjustment, and rounding_error.
+    - name: invoice_month
+      type: keyword
+      description: Billing report month.
+    - name: project_id
+      type: keyword
+      description: Project ID of the billing report belongs to.
+    - name: project_name
+      type: keyword
+      description: Project Name of the billing report belongs to.
+    - name: total
+      type: float
+      description: Total billing amount.
+    - name: billing_account_id
+      type: keyword
+      description: Project Billing Account ID.

packages/gcp/data_stream/billing/manifest.yml

@@ -0,0 +1,34 @@
+title: "GCP Billing Metrics"
+type: metrics
+streams:
+  - input: gcp/metrics
+    title: GCP Billing Metrics
+    description: Collect GCP Billing Metrics
+    vars:
+      - name: period
+        type: text
+        title: Period
+        default: 24h
+      - name: dataset_id
+        type: text
+        title: Dataset ID
+        multi: false
+        required: true
+        show_user: true
+        description: "Dataset ID that points to the top-level container which contains the actual billing tables."
+      - name: table_pattern
+        type: text
+        title: Table pattern
+        multi: false
+        required: true
+        show_user: true
+        description: "Daily cost detail billing table name prefix."
+        default: gcp_billing_export_v1
+      - name: cost_type
+        type: text
+        title: Cost Type
+        multi: false
+        required: true
+        show_user: true
+        description: "The type of cost this line item represents: regular, tax, adjustment, or rounding error"
+        default: regular

packages/gcp/data_stream/billing/sample_event.json

@@ -0,0 +1,35 @@
+{
+    "@timestamp": "2017-10-12T08:05:34.853Z",
+    "cloud": {
+        "account": {
+            "id": "01475F-5B1080-1137E7"
+        },
+        "project": {
+            "id": "elastic-bi",
+            "name": "elastic-containerlib-prod"
+        },
+        "provider": "gcp"
+    },
+    "event": {
+        "dataset": "gcp.billing",
+        "duration": 115000,
+        "module": "gcp"
+    },
+    "gcp": {
+        "billing": {
+            "billing_account_id": "01475F-5B1080-1137E7",
+            "cost_type": "regular",
+            "invoice_month": "202106",
+            "project_id": "containerlib-prod-12763",
+            "project_name": "elastic-containerlib-prod",
+            "total": 4717.170681
+        }
+    },
+    "metricset": {
+        "name": "billing",
+        "period": 10000
+    },
+    "service": {
+        "type": "gcp"
+    }
+}

packages/gcp/data_stream/firewall/manifest.yml

@@ -25,6 +25,13 @@ streams:
         required: true
         show_user: false
         default: false
+      - name: alternative_host
+        type: text
+        title: Alternative host
+        multi: false
+        required: false
+        show_user: false
+        description: "GCP Alternative host"
       - name: tags
         type: text
         title: Tags

packages/gcp/data_stream/vpcflow/manifest.yml

@@ -25,6 +25,13 @@ streams:
         required: true
         show_user: false
         default: false
+      - name: alternative_host
+        type: text
+        title: Alternative host
+        multi: false
+        required: false
+        show_user: false
+        description: "GCP Alternative host"
       - name: tags
         type: text
         title: Tags