Add missing field definitions for the SQLServer integration

[chemamartinez]

What does this PR do?

It adds the following changes:

Audit data stream

• Add the requested field definitions. The ones that match ECS are included in ecs.yml. Otherwise, they have been added at agent.yml along with missing fields for cloud and container.
• Although host.os.name is defined in ECS, it has been included in agent.yml to avoid a conflict in the type of the text multi_field (text vs match_only_text) with the Log data stream.

Log data stream

• host ECS fields defined at agent.yml have been moved to ecs.yml for consistency.

Performance data stream

• Added missing cloud and container fields in agent.yml.
• Added host fields in ecs.yml for consistency.

Transaction logs data stream

• Added missing cloud and container fields in agent.yml.
• Added host fields in ecs.yml for consistency.

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.

Related issues

• Closes [microsoft_sqlserver.audit] Conflicting host.ip and message field definition #6070

Screenshots

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2023-05-26T15:32:18.597+0000

• Duration: 16 min 4 sec

Test stats 🧪

Test	Results
Failed	0
Passed	19
Skipped	0
Total	19

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

[elasticmachine]

🌐 Coverage report

Name	Metrics % (covered/total)	Diff
Packages	100.0% (2/2)	💚
Files	100.0% (2/2)	💚 6.25
Classes	100.0% (2/2)	💚 6.25
Methods	93.75% (30/32)	👍 5.398
Lines	100.0% (1251/1251)	💚 14.075
Conditionals	100.0% (0/0)	💚

[P1llus]

Lets add in some other common agent.yml fields as well, we have some covering add_*_metadata like container and cloud in most of our integrations, compare this with for example checkpoint.

Rest LGTM!

[chemamartinez]

Lets add in some other common agent.yml fields as well, we have some covering add_*_metadata like container and cloud in most of our integrations, compare this with for example checkpoint.

Rest LGTM!

Thanks for the review. I also realized that the host and message fields were missing in the remaining data streams and the events could contain those fields so I added them as well.

[chemamartinez]

/test

[chemamartinez]

Found a bug when processing the host.mac field in the log, performance, and transaction_log data streams:

so I have added the necessary processors in the ingest pipeline to meet the ECS format in case the field appears: 601683c

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

[elasticmachine]

Package microsoft_sqlserver - 1.22.0 containing this change is available at https://epr.elastic.co/search?package=microsoft_sqlserver