elastic
diff --git a/‎packages/aws/data_stream/config/_dev/test/pipeline/test-event.log-expected.json‎
Lines changed: 1 addition & 1 deletion b/‎packages/aws/data_stream/config/_dev/test/pipeline/test-event.log-expected.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/aws/data_stream/config/elasticsearch/ingest_pipeline/default.yml‎
Lines changed: 2 additions & 2 deletions b/‎packages/aws/data_stream/config/elasticsearch/ingest_pipeline/default.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎packages/aws/data_stream/config/fields/ecs.yml‎
Lines changed: 2 additions & 0 deletions b/‎packages/aws/data_stream/config/fields/ecs.yml‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎packages/aws/data_stream/config/sample_event.json‎
Lines changed: 8 additions & 8 deletions b/‎packages/aws/data_stream/config/sample_event.json‎
Lines changed: 8 additions & 8 deletions
diff --git a/‎packages/aws/elasticsearch/transform/latest_config_misconfigurations/fields/ecs.yml‎
Lines changed: 2 additions & 0 deletions b/‎packages/aws/elasticsearch/transform/latest_config_misconfigurations/fields/ecs.yml‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎packages/aws/elasticsearch/transform/latest_config_misconfigurations/transform.yml‎
Lines changed: 0 additions & 1 deletion b/‎packages/aws/elasticsearch/transform/latest_config_misconfigurations/transform.yml‎
Lines changed: 0 additions & 1 deletion
@@ -95,7 +95,7 @@
  ]
  },
  "resource": {
- "id": "arn:aws:config:us-east-1:329599655752:config-rule/config-rule-rwpvuz",
+ "id": "i-0a4468fbfafee6a8f",
  "type": "AWS::EC2::Instance"
  },
  "result": {
 
@@ -311,8 +311,8 @@ processors:
  ignore_missing: true
  - set:
  field: resource.id
- tag: set_resource_id_from_config_config_rule_info_config_rule_arn
- copy_from: aws.config.rule_info.config_rule_arn
+ tag: set_resource_id_from_config_evaluation_result_identifier_evaluation_result_qualifier_resource_id
+ copy_from: aws.config.evaluation_result_identifier.evaluation_result_qualifier.resource_id
  ignore_empty_value: true
  - rename:
  field: json.EvaluationResultIdentifier.EvaluationResultQualifier.ResourceType
 
@@ -1,4 +1,6 @@
 - name: cloud.provider
  type: constant_keyword
+ external: ecs
 - name: observer.vendor
  type: constant_keyword
+ external: ecs
@@ -1,9 +1,9 @@
 {
- "@timestamp": "2025-05-16T07:58:23.791Z",
+ "@timestamp": "2025-05-20T07:12:28.179Z",
  "agent": {
- "ephemeral_id": "6fbe87e6-993e-4c40-abbe-bbe39ee3591c",
- "id": "7d2ce287-1db4-4b2d-99f9-a00c406e3c06",
- "name": "elastic-agent-65400",
+ "ephemeral_id": "315016b1-7512-4599-9b25-575562a9e817",
+ "id": "44507658-5b33-414c-b7fc-2e3fa9c24417",
+ "name": "elastic-agent-66460",
  "type": "filebeat",
  "version": "8.18.0"
  },
@@ -52,14 +52,14 @@
  },
  "data_stream": {
  "dataset": "aws.config",
- "namespace": "55739",
+ "namespace": "59551",
  "type": "logs"
  },
  "ecs": {
  "version": "8.17.0"
  },
  "elastic_agent": {
- "id": "7d2ce287-1db4-4b2d-99f9-a00c406e3c06",
+ "id": "44507658-5b33-414c-b7fc-2e3fa9c24417",
  "snapshot": false,
  "version": "8.18.0"
  },
@@ -70,7 +70,7 @@
  ],
  "created": "2015-09-29T15:52:31.883Z",
  "dataset": "aws.config",
- "ingested": "2025-05-16T07:58:26Z",
+ "ingested": "2025-05-20T07:12:30Z",
  "kind": "event",
  "original": "{\"ComplianceType\":\"COMPLIANT\",\"ConfigRuleInfo\":{\"ConfigRuleArn\":\"arn:aws:config:us-east-1:11223344556:config-rule/config-rule-id1\",\"ConfigRuleId\":\"config-rule-id1\",\"ConfigRuleName\":\"access-keys-rotated\",\"ConfigRuleState\":\"ACTIVE\",\"Description\":\"Checks whether the active access keys are rotated within the number of days specified in maxAccessKeyAge. The rule is non-compliant if the access keys have not been rotated for more than maxAccessKeyAge number of days.\",\"EvaluationModes\":[{\"Mode\":\"DETECTIVE\"}],\"InputParameters\":\"{\\\"maxAccessKeyAge\\\":\\\"90\\\"}\",\"MaximumExecutionFrequency\":\"TwentyFour_Hours\",\"Source\":{\"Owner\":\"AWS\",\"SourceIdentifier\":\"ACCESS_KEYS_ROTATED\"}},\"ConfigRuleInvokedTime\":1444799479.852,\"EvaluationResultIdentifier\":{\"EvaluationResultQualifier\":{\"ConfigRuleName\":\"access-keys-rotated\",\"EvaluationMode\":\"DETECTIVE\",\"ResourceId\":\"i-0a4468fbfafeeg20h\",\"ResourceType\":\"AWS::EC2::Instance\"},\"OrderingTimestamp\":1443541951.883},\"ResultRecordedTime\":1444799480.061}",
  "outcome": "success",
@@ -87,7 +87,7 @@
  "vendor": "Amazon"
  },
  "resource": {
- "id": "arn:aws:config:us-east-1:11223344556:config-rule/config-rule-id1",
+ "id": "i-0a4468fbfafeeg20h",
  "type": "AWS::EC2::Instance"
  },
  "result": {
 
@@ -1,4 +1,6 @@
 - name: cloud.provider
  type: constant_keyword
+ external: ecs
 - name: observer.vendor
  type: constant_keyword
+ external: ecs
@@ -17,7 +17,6 @@ description: >-
  Latest Configs from AWS. As configs get updated, this transform stores only the latest state of each config inside the destination index. Thus the transform's destination index contains only the latest state of the config.
 frequency: 5m
 settings:
- # This is required to prevent the transform from clobbering the Fleet-managed mappings.
  unattended: true
 sync:
  time:
Original file line number	Diff line number	Diff line change
`@@ -95,7 +95,7 @@`
`95`	`95`	`]`
`96`	`96`	`},`
`97`	`97`	`"resource": {`
`98`		`- "id": "arn:aws:config:us-east-1:329599655752:config-rule/config-rule-rwpvuz",`
	`98`	`+ "id": "i-0a4468fbfafee6a8f",`
`99`	`99`	`"type": "AWS::EC2::Instance"`
`100`	`100`	`},`
`101`	`101`	`"result": {`