add event.dataset matching routing rules

[Kavindu-Dodan]

Proposed commit message

This PR adds event.dataset field for records parsed through the Firehose integration. The implementation uses the routing detection conditions to detect the correct value of the field.

Reason for this change

This is explained in the issue #12750. In short, there are Elastic components that utilize the value of event.dataset for their decisions. So far, Firehose integration did not enrich this field where as Elastic agent added this using add_field processor.

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.
• I have verified that any added dashboard complies with Kibana's Dashboard good practices

Related issues

Fixes #12750

Screenshots

• vpc flow log event with event.dataset field,

• cloudtrail log event with event.dataset field,

• elb metrics with event.dataset field,

• ec2 metrics with event.dataset field,

[elastic-vault-github-plugin-prod]

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

[elasticmachine]

💚 Build Succeeded

• Buildkite Build
• Commit: 984aef1

History

• 💚 Build #25964 succeeded ad53b6c
• 💚 Build #25962 succeeded fe6864f
• 💔 Build #25961 failed 57e1dc9
• 💔 Build #25958 failed fd82269

[elastic-sonarqube]

Quality Gate failed

Failed conditions
69.7% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube

[elastic-vault-github-plugin-prod]

Package awsfirehose - 1.7.0 containing this change is available at https://epr.elastic.co/package/awsfirehose/1.7.0/