elastic / integrations

Elastic Integrations
https://www.elastic.co/integrations

[ Kubernetes Audit Logs ] Missing mappings for kubernetes.audit.requestObject.webhooks and kubernetes.audit.responseObject.webhooks objects #10081

Open leandrojmp opened 3 months ago

leandrojmp commented 3 months ago

Hello,

We are collecting logs from some Kubernetes clusters running on AWS EKS, and since the Kubernetes integration does not support collecting logs from managed services, we were able to collect these logs using Cloudwatch, and using a reroute processor we are able to parse them and store them in the logs-kubernetes.audit_logs-NAMESPACE data stream. This way we can use the correct mapping for the Kubernetes audit log fields.

We just noticed that some audit logs do not have the correct mapping in the kubernetes template.

The objects kubernetes.audit.requestObject.webhooks and kubernetes.audit.responseObject.webhooks have no mapping in the component template.

Example of the fields for kubernetes.audit.requestObject.webhooks

Screenshot from 2024-06-05 16-07-51

Example of the fields for kubernetes.audit.responseObject.webhooks

Screenshot from 2024-06-05 16-06-47

There is also no mapping for kubernetes.audit.responseObject.apiVersion, kubernetes.audit.requestObject.apiVersion, kubernetes.audit.requestObject.kind and kubernetes.audit.responseObject.kind

leandrojmp commented 3 months ago

It seems that there are other nested fields under kubernetes.audit.responseObject and kubernetes.audit.requestObject that also do not have any mappings in the Kubernetes Integration.

For example:

Screenshot from 2024-06-06 11-57-32
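The gap the issue and the follow-up comment describe (leaf fields under kubernetes.audit.requestObject and kubernetes.audit.responseObject that the component template never declares) can be found mechanically by flattening an audit event into dotted paths and diffing those against the mapped field list. The script below is an added example, not code from the elastic/integrations repository; the audit event and the set of mapped fields are constructed for the example and only approximate the real schema and the integration's real field list.

```python
"""Report leaf fields of a Kubernetes audit event that a field mapping does not cover.

Added example (not from the elastic/integrations project). The sample event and the
mapped-field set are constructed here; the real integration's field list must be
loaded from its fields.yml or from the installed component template.
"""
from typing import Any

# Constructed sample: a trimmed kube-apiserver audit event for an update to a
# ValidatingWebhookConfiguration. Field names follow the audit.k8s.io/v1 schema;
# all values are made up.
SAMPLE_AUDIT_EVENT = {
    "kind": "Event",
    "apiVersion": "audit.k8s.io/v1",
    "verb": "update",
    "objectRef": {"resource": "validatingwebhookconfigurations", "name": "example-webhook"},
    "requestObject": {
        "apiVersion": "admissionregistration.k8s.io/v1",
        "kind": "ValidatingWebhookConfiguration",
        "webhooks": [
            {
                "name": "validate.example.invalid",
                "failurePolicy": "Fail",
                "clientConfig": {"service": {"name": "webhook-svc", "namespace": "kube-system"}},
            }
        ],
    },
    "responseObject": {
        "apiVersion": "admissionregistration.k8s.io/v1",
        "kind": "ValidatingWebhookConfiguration",
        "webhooks": [{"name": "validate.example.invalid", "failurePolicy": "Fail"}],
    },
}

# Constructed (assumed) subset of the fields a component template declares under the
# kubernetes.audit prefix. Deliberately omits the requestObject/responseObject
# sub-fields so the diff below shows the kind of gap the issue reports.
MAPPED_FIELDS = {
    "kubernetes.audit.kind",
    "kubernetes.audit.apiVersion",
    "kubernetes.audit.verb",
    "kubernetes.audit.objectRef.resource",
    "kubernetes.audit.objectRef.name",
}


def flatten(obj: Any, prefix: str = "") -> set[str]:
    """Return the dotted leaf paths of a nested JSON-like object.

    Lists add no path segment: Elasticsearch maps an array of objects under the
    array's field name, so webhooks[0].name is mapped as webhooks.name.
    """
    paths: set[str] = set()
    if isinstance(obj, dict):
        for key, value in obj.items():
            paths |= flatten(value, f"{prefix}.{key}" if prefix else key)
    elif isinstance(obj, list):
        for item in obj:
            paths |= flatten(item, prefix)
    else:
        paths.add(prefix)
    return paths


def unmapped_fields(event: dict, mapped: set[str], root: str = "kubernetes.audit") -> list[str]:
    """Leaf paths present in the event but absent from the mapping, sorted.

    `root` is the prefix under which the integration stores the raw audit event.
    """
    present = {f"{root}.{path}" for path in flatten(event)}
    return sorted(present - mapped)


if __name__ == "__main__":
    for field in unmapped_fields(SAMPLE_AUDIT_EVENT, MAPPED_FIELDS):
        print(field)
```

Run against a real sample of events and the installed template's field list, the same diff tells you which paths would fall back to dynamic mapping (or be dropped, if dynamic mapping is disabled on the data stream), which is the practical effect of the missing mappings reported above.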