diff --git a/internal/fields/dynamic_template.go b/internal/fields/dynamic_template.go
index b29bc98bfb..2f4ea00fb4 100644
--- a/internal/fields/dynamic_template.go
+++ b/internal/fields/dynamic_template.go
@@ -147,10 +147,13 @@ func parseDynamicTemplates(rawDynamicTemplates []map[string]any) ([]dynamicTempl
return nil, fmt.Errorf("unexpected dynamic template format found for %q", templateName)
}
+ isRuntime := false
for setting, value := range contents {
switch setting {
case "mapping":
aDynamicTemplate.mapping = value
+ case "runtime":
+ isRuntime = true
case "match_pattern":
s, ok := value.(string)
if !ok {
@@ -191,6 +194,9 @@ func parseDynamicTemplates(rawDynamicTemplates []map[string]any) ([]dynamicTempl
}
}
+ if isRuntime {
+ continue
+ }
dynamicTemplates = append(dynamicTemplates, aDynamicTemplate)
}
diff --git a/internal/testrunner/runners/system/tester.go b/internal/testrunner/runners/system/tester.go
index 6ac51a25bf..17ae1a137f 100644
--- a/internal/testrunner/runners/system/tester.go
+++ b/internal/testrunner/runners/system/tester.go
@@ -10,6 +10,7 @@ import (
"encoding/json"
"errors"
"fmt"
+ "io/fs"
"net/http"
"os"
"path/filepath"
@@ -1746,7 +1747,15 @@ func (r *tester) runTest(ctx context.Context, config *testConfig, stackConfig st
scenario, err := r.prepareScenario(ctx, config, stackConfig, svcInfo)
if err != nil {
- return result.WithError(err)
+ // Known issue: do not include this as part of the xUnit results
+ // Example: https://buildkite.com/elastic/integrations/builds/22313#01950431-67a5-4544-a720-6047f5de481b/706-2459
+ var pathErr *fs.PathError
+ if errors.As(err, &pathErr) && pathErr.Op == "fork/exec" && pathErr.Path == "/usr/bin/docker" {
+ return result.WithError(err)
+ }
+ // report all other errors as error entries in the xUnit file
+ results, _ := result.WithError(err)
+ return results, nil
}
if dump, ok := os.LookupEnv(dumpScenarioDocsEnv); ok && dump != "" {
diff --git a/test/packages/false_positives/runtime_fields.expected_errors b/test/packages/false_positives/runtime_fields.expected_errors
new file mode 100644
index 0000000000..a64e013cdd
--- /dev/null
+++ b/test/packages/false_positives/runtime_fields.expected_errors
@@ -0,0 +1 @@
+failed to search docs for data stream logs-runtime_fields.logs-[[:digit:]]+: \[400 Bad Request\].*No field found for \[@tip\] in mapping.*
diff --git a/test/packages/false_positives/runtime_fields/LICENSE.txt b/test/packages/false_positives/runtime_fields/LICENSE.txt
new file mode 100644
index 0000000000..809108b857
--- /dev/null
+++ b/test/packages/false_positives/runtime_fields/LICENSE.txt
@@ -0,0 +1,93 @@
+Elastic License 2.0
+
+URL: https://www.elastic.co/licensing/elastic-license
+
+## Acceptance
+
+By using the software, you agree to all of the terms and conditions below.
+
+## Copyright License
+
+The licensor grants you a non-exclusive, royalty-free, worldwide,
+non-sublicensable, non-transferable license to use, copy, distribute, make
+available, and prepare derivative works of the software, in each case subject to
+the limitations and conditions below.
+
+## Limitations
+
+You may not provide the software to third parties as a hosted or managed
+service, where the service provides users with access to any substantial set of
+the features or functionality of the software.
+
+You may not move, change, disable, or circumvent the license key functionality
+in the software, and you may not remove or obscure any functionality in the
+software that is protected by the license key.
+
+You may not alter, remove, or obscure any licensing, copyright, or other notices
+of the licensor in the software. Any use of the licensor’s trademarks is subject
+to applicable law.
+
+## Patents
+
+The licensor grants you a license, under any patent claims the licensor can
+license, or becomes able to license, to make, have made, use, sell, offer for
+sale, import and have imported the software, in each case subject to the
+limitations and conditions in this license. This license does not cover any
+patent claims that you cause to be infringed by modifications or additions to
+the software. If you or your company make any written claim that the software
+infringes or contributes to infringement of any patent, your patent license for
+the software granted under these terms ends immediately. If your company makes
+such a claim, your patent license ends immediately for work on behalf of your
+company.
+
+## Notices
+
+You must ensure that anyone who gets a copy of any part of the software from you
+also gets a copy of these terms.
+
+If you modify the software, you must include in any modified copies of the
+software prominent notices stating that you have modified the software.
+
+## No Other Rights
+
+These terms do not imply any licenses other than those expressly granted in
+these terms.
+
+## Termination
+
+If you use the software in violation of these terms, such use is not licensed,
+and your licenses will automatically terminate. If the licensor provides you
+with a notice of your violation, and you cease all violation of this license no
+later than 30 days after you receive that notice, your licenses will be
+reinstated retroactively. However, if you violate these terms after such
+reinstatement, any additional violation of these terms will cause your licenses
+to terminate automatically and permanently.
+
+## No Liability
+
+*As far as the law allows, the software comes as is, without any warranty or
+condition, and the licensor will not be liable to you for any damages arising
+out of these terms or the use or nature of the software, under any kind of
+legal claim.*
+
+## Definitions
+
+The **licensor** is the entity offering these terms, and the **software** is the
+software the licensor makes available under these terms, including any portion
+of it.
+
+**you** refers to the individual or entity agreeing to these terms.
+
+**your company** is any legal entity, sole proprietorship, or other kind of
+organization that you work for, plus all organizations that have control over,
+are under the control of, or are under common control with that
+organization. **control** means ownership of substantially all the assets of an
+entity, or the power to direct its management and policies by vote, contract, or
+otherwise. Control can be direct or indirect.
+
+**your licenses** are all the licenses granted to you for the software under
+these terms.
+
+**use** means anything you do with the software requiring one of your licenses.
+
+**trademark** means trademarks, service marks, and similar rights.
diff --git a/test/packages/false_positives/runtime_fields/_dev/build/build.yml b/test/packages/false_positives/runtime_fields/_dev/build/build.yml
new file mode 100644
index 0000000000..97fc8aa10c
--- /dev/null
+++ b/test/packages/false_positives/runtime_fields/_dev/build/build.yml
@@ -0,0 +1,3 @@
+dependencies:
+ ecs:
+ reference: git@v8.17.0
diff --git a/test/packages/false_positives/runtime_fields/changelog.yml b/test/packages/false_positives/runtime_fields/changelog.yml
new file mode 100644
index 0000000000..bb0320a524
--- /dev/null
+++ b/test/packages/false_positives/runtime_fields/changelog.yml
@@ -0,0 +1,6 @@
+# newer versions go on top
+- version: "0.0.1"
+ changes:
+ - description: Initial draft of the package
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/1 # FIXME Replace with the real PR link
diff --git a/test/packages/false_positives/runtime_fields/data_stream/logs/_dev/test/system/test-default-config.yml b/test/packages/false_positives/runtime_fields/data_stream/logs/_dev/test/system/test-default-config.yml
new file mode 100644
index 0000000000..0e31318d6b
--- /dev/null
+++ b/test/packages/false_positives/runtime_fields/data_stream/logs/_dev/test/system/test-default-config.yml
@@ -0,0 +1,6 @@
+---
+vars: ~
+data_stream:
+ vars:
+ paths:
+ - "/usr/share/elastic-agent/state/data/logs/*"
diff --git a/test/packages/false_positives/runtime_fields/data_stream/logs/agent/stream/stream.yml.hbs b/test/packages/false_positives/runtime_fields/data_stream/logs/agent/stream/stream.yml.hbs
new file mode 100644
index 0000000000..5845510de8
--- /dev/null
+++ b/test/packages/false_positives/runtime_fields/data_stream/logs/agent/stream/stream.yml.hbs
@@ -0,0 +1,7 @@
+paths:
+{{#each paths as |path i|}}
+ - {{path}}
+{{/each}}
+exclude_files: [".gz$"]
+processors:
+ - add_locale: ~
diff --git a/test/packages/false_positives/runtime_fields/data_stream/logs/elasticsearch/ingest_pipeline/default.yml b/test/packages/false_positives/runtime_fields/data_stream/logs/elasticsearch/ingest_pipeline/default.yml
new file mode 100644
index 0000000000..4fa24ca74d
--- /dev/null
+++ b/test/packages/false_positives/runtime_fields/data_stream/logs/elasticsearch/ingest_pipeline/default.yml
@@ -0,0 +1,16 @@
+---
+description: Pipeline for processing sample logs
+processors:
+- set:
+ field: labels.foo
+ value: "bar"
+- set:
+ field: labels.version
+ value: "v1"
+- set:
+ field: metrics.bar
+ value: 10
+on_failure:
+- set:
+ field: error.message
+ value: '{{ _ingest.on_failure_message }}'
diff --git a/test/packages/false_positives/runtime_fields/data_stream/logs/fields/base-fields.yml b/test/packages/false_positives/runtime_fields/data_stream/logs/fields/base-fields.yml
new file mode 100644
index 0000000000..7c798f4534
--- /dev/null
+++ b/test/packages/false_positives/runtime_fields/data_stream/logs/fields/base-fields.yml
@@ -0,0 +1,12 @@
+- name: data_stream.type
+ type: constant_keyword
+ description: Data stream type.
+- name: data_stream.dataset
+ type: constant_keyword
+ description: Data stream dataset.
+- name: data_stream.namespace
+ type: constant_keyword
+ description: Data stream namespace.
+- name: '@timestamp'
+ type: date
+ description: Event timestamp.
diff --git a/test/packages/false_positives/runtime_fields/data_stream/logs/fields/fields.yml b/test/packages/false_positives/runtime_fields/data_stream/logs/fields/fields.yml
new file mode 100644
index 0000000000..dbed2e68dc
--- /dev/null
+++ b/test/packages/false_positives/runtime_fields/data_stream/logs/fields/fields.yml
@@ -0,0 +1,4 @@
+- name: input.type
+ type: keyword
+- name: log.offset
+ type: long
diff --git a/test/packages/false_positives/runtime_fields/data_stream/logs/fields/runtime_fields.yml b/test/packages/false_positives/runtime_fields/data_stream/logs/fields/runtime_fields.yml
new file mode 100644
index 0000000000..8bf4e0952c
--- /dev/null
+++ b/test/packages/false_positives/runtime_fields/data_stream/logs/fields/runtime_fields.yml
@@ -0,0 +1,23 @@
+# Example with dynamic templates
+- name: labels.*
+ type: keyword
+ runtime: true
+- name: labels.a
+ type: text
+- name: metrics.day_of_week
+ type: keyword
+ runtime: "emit(doc['@timestamp'].value.dayOfWeekEnum.getDisplayName(TextStyle.FULL, Locale.ENGLISH))"
+- name: metrics
+ type: group
+ fields:
+ - name: day_of_week_german
+ type: keyword
+ runtime: "emit(doc['@timestamp'].value.dayOfWeekEnum.getDisplayName(TextStyle.FULL, Locale.GERMAN))"
+ - name: foo
+ type: keyword
+ runtime: true
+ - name: bar
+ type: long
+- name: day_of_week
+ type: keyword
+ runtime: "emit(doc['@tip'].value.dayOfWeekEnum.getDisplayName(TextStyle.FULL, Locale.ENGLISH))"
diff --git a/test/packages/false_positives/runtime_fields/data_stream/logs/manifest.yml b/test/packages/false_positives/runtime_fields/data_stream/logs/manifest.yml
new file mode 100644
index 0000000000..dbad4fe7db
--- /dev/null
+++ b/test/packages/false_positives/runtime_fields/data_stream/logs/manifest.yml
@@ -0,0 +1,17 @@
+title: "Logs"
+type: logs
+streams:
+ - input: logfile
+ title: Sample logs
+ description: Collect sample logs
+ vars:
+ - name: paths
+ type: text
+ title: Paths
+ multi: true
+ default:
+ - /var/log/*.log
+elasticsearch:
+ index_template:
+ mappings:
+ subobjects: false
diff --git a/test/packages/false_positives/runtime_fields/docs/README.md b/test/packages/false_positives/runtime_fields/docs/README.md
new file mode 100644
index 0000000000..eb78b75d5e
--- /dev/null
+++ b/test/packages/false_positives/runtime_fields/docs/README.md
@@ -0,0 +1,84 @@
+
+
+
+# Runtime Fields
+
+
+
+## Data streams
+
+
+
+
+
+
+
+
+
+
+
+## Requirements
+
+You need Elasticsearch for storing and searching your data and Kibana for visualizing and managing it.
+You can use our hosted Elasticsearch Service on Elastic Cloud, which is recommended, or self-manage the Elastic Stack on your own hardware.
+
+
+
+## Setup
+
+
+
+For step-by-step instructions on how to set up an integration, see the
+[Getting started](https://www.elastic.co/guide/en/welcome-to-elastic/current/getting-started-observability.html) guide.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/test/packages/false_positives/runtime_fields/img/sample-logo.svg b/test/packages/false_positives/runtime_fields/img/sample-logo.svg
new file mode 100644
index 0000000000..6268dd88f3
--- /dev/null
+++ b/test/packages/false_positives/runtime_fields/img/sample-logo.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/test/packages/false_positives/runtime_fields/img/sample-screenshot.png b/test/packages/false_positives/runtime_fields/img/sample-screenshot.png
new file mode 100644
index 0000000000..d7a56a3ecc
Binary files /dev/null and b/test/packages/false_positives/runtime_fields/img/sample-screenshot.png differ
diff --git a/test/packages/false_positives/runtime_fields/manifest.yml b/test/packages/false_positives/runtime_fields/manifest.yml
new file mode 100644
index 0000000000..eb116e7413
--- /dev/null
+++ b/test/packages/false_positives/runtime_fields/manifest.yml
@@ -0,0 +1,36 @@
+format_version: 3.3.2
+name: runtime_fields
+title: "Runtime Fields"
+version: 0.0.1
+source:
+ license: "Elastic-2.0"
+description: "Runtime Fields test package"
+type: integration
+categories:
+ - custom
+conditions:
+ kibana:
+ version: "^8.17.2"
+ elastic:
+ subscription: "basic"
+screenshots:
+ - src: /img/sample-screenshot.png
+ title: Sample screenshot
+ size: 600x600
+ type: image/png
+icons:
+ - src: /img/sample-logo.svg
+ title: Sample logo
+ size: 32x32
+ type: image/svg+xml
+policy_templates:
+ - name: sample
+ title: Sample logs
+ description: Collect sample logs
+ inputs:
+ - type: logfile
+ title: Collect sample logs from instances
+ description: Collecting sample logs
+owner:
+ github: elastic/integrations
+ type: elastic
diff --git a/test/packages/false_positives/runtime_fields/test-default-config.yml b/test/packages/false_positives/runtime_fields/test-default-config.yml
new file mode 100644
index 0000000000..9d32b0c631
--- /dev/null
+++ b/test/packages/false_positives/runtime_fields/test-default-config.yml
@@ -0,0 +1,5 @@
+vars: ~
+data_stream:
+ vars:
+ paths:
+ - "/usr/share/elastic-agent/state/data/logs/*"
diff --git a/test/packages/other/runtime_fields/LICENSE.txt b/test/packages/other/runtime_fields/LICENSE.txt
new file mode 100644
index 0000000000..809108b857
--- /dev/null
+++ b/test/packages/other/runtime_fields/LICENSE.txt
@@ -0,0 +1,93 @@
+Elastic License 2.0
+
+URL: https://www.elastic.co/licensing/elastic-license
+
+## Acceptance
+
+By using the software, you agree to all of the terms and conditions below.
+
+## Copyright License
+
+The licensor grants you a non-exclusive, royalty-free, worldwide,
+non-sublicensable, non-transferable license to use, copy, distribute, make
+available, and prepare derivative works of the software, in each case subject to
+the limitations and conditions below.
+
+## Limitations
+
+You may not provide the software to third parties as a hosted or managed
+service, where the service provides users with access to any substantial set of
+the features or functionality of the software.
+
+You may not move, change, disable, or circumvent the license key functionality
+in the software, and you may not remove or obscure any functionality in the
+software that is protected by the license key.
+
+You may not alter, remove, or obscure any licensing, copyright, or other notices
+of the licensor in the software. Any use of the licensor’s trademarks is subject
+to applicable law.
+
+## Patents
+
+The licensor grants you a license, under any patent claims the licensor can
+license, or becomes able to license, to make, have made, use, sell, offer for
+sale, import and have imported the software, in each case subject to the
+limitations and conditions in this license. This license does not cover any
+patent claims that you cause to be infringed by modifications or additions to
+the software. If you or your company make any written claim that the software
+infringes or contributes to infringement of any patent, your patent license for
+the software granted under these terms ends immediately. If your company makes
+such a claim, your patent license ends immediately for work on behalf of your
+company.
+
+## Notices
+
+You must ensure that anyone who gets a copy of any part of the software from you
+also gets a copy of these terms.
+
+If you modify the software, you must include in any modified copies of the
+software prominent notices stating that you have modified the software.
+
+## No Other Rights
+
+These terms do not imply any licenses other than those expressly granted in
+these terms.
+
+## Termination
+
+If you use the software in violation of these terms, such use is not licensed,
+and your licenses will automatically terminate. If the licensor provides you
+with a notice of your violation, and you cease all violation of this license no
+later than 30 days after you receive that notice, your licenses will be
+reinstated retroactively. However, if you violate these terms after such
+reinstatement, any additional violation of these terms will cause your licenses
+to terminate automatically and permanently.
+
+## No Liability
+
+*As far as the law allows, the software comes as is, without any warranty or
+condition, and the licensor will not be liable to you for any damages arising
+out of these terms or the use or nature of the software, under any kind of
+legal claim.*
+
+## Definitions
+
+The **licensor** is the entity offering these terms, and the **software** is the
+software the licensor makes available under these terms, including any portion
+of it.
+
+**you** refers to the individual or entity agreeing to these terms.
+
+**your company** is any legal entity, sole proprietorship, or other kind of
+organization that you work for, plus all organizations that have control over,
+are under the control of, or are under common control with that
+organization. **control** means ownership of substantially all the assets of an
+entity, or the power to direct its management and policies by vote, contract, or
+otherwise. Control can be direct or indirect.
+
+**your licenses** are all the licenses granted to you for the software under
+these terms.
+
+**use** means anything you do with the software requiring one of your licenses.
+
+**trademark** means trademarks, service marks, and similar rights.
diff --git a/test/packages/other/runtime_fields/_dev/build/build.yml b/test/packages/other/runtime_fields/_dev/build/build.yml
new file mode 100644
index 0000000000..97fc8aa10c
--- /dev/null
+++ b/test/packages/other/runtime_fields/_dev/build/build.yml
@@ -0,0 +1,3 @@
+dependencies:
+ ecs:
+ reference: git@v8.17.0
diff --git a/test/packages/other/runtime_fields/changelog.yml b/test/packages/other/runtime_fields/changelog.yml
new file mode 100644
index 0000000000..bb0320a524
--- /dev/null
+++ b/test/packages/other/runtime_fields/changelog.yml
@@ -0,0 +1,6 @@
+# newer versions go on top
+- version: "0.0.1"
+ changes:
+ - description: Initial draft of the package
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/1 # FIXME Replace with the real PR link
diff --git a/test/packages/other/runtime_fields/data_stream/logs/_dev/test/system/test-default-config.yml b/test/packages/other/runtime_fields/data_stream/logs/_dev/test/system/test-default-config.yml
new file mode 100644
index 0000000000..0e31318d6b
--- /dev/null
+++ b/test/packages/other/runtime_fields/data_stream/logs/_dev/test/system/test-default-config.yml
@@ -0,0 +1,6 @@
+---
+vars: ~
+data_stream:
+ vars:
+ paths:
+ - "/usr/share/elastic-agent/state/data/logs/*"
diff --git a/test/packages/other/runtime_fields/data_stream/logs/agent/stream/stream.yml.hbs b/test/packages/other/runtime_fields/data_stream/logs/agent/stream/stream.yml.hbs
new file mode 100644
index 0000000000..5845510de8
--- /dev/null
+++ b/test/packages/other/runtime_fields/data_stream/logs/agent/stream/stream.yml.hbs
@@ -0,0 +1,7 @@
+paths:
+{{#each paths as |path i|}}
+ - {{path}}
+{{/each}}
+exclude_files: [".gz$"]
+processors:
+ - add_locale: ~
diff --git a/test/packages/other/runtime_fields/data_stream/logs/elasticsearch/ingest_pipeline/default.yml b/test/packages/other/runtime_fields/data_stream/logs/elasticsearch/ingest_pipeline/default.yml
new file mode 100644
index 0000000000..4fa24ca74d
--- /dev/null
+++ b/test/packages/other/runtime_fields/data_stream/logs/elasticsearch/ingest_pipeline/default.yml
@@ -0,0 +1,16 @@
+---
+description: Pipeline for processing sample logs
+processors:
+- set:
+ field: labels.foo
+ value: "bar"
+- set:
+ field: labels.version
+ value: "v1"
+- set:
+ field: metrics.bar
+ value: 10
+on_failure:
+- set:
+ field: error.message
+ value: '{{ _ingest.on_failure_message }}'
diff --git a/test/packages/other/runtime_fields/data_stream/logs/fields/base-fields.yml b/test/packages/other/runtime_fields/data_stream/logs/fields/base-fields.yml
new file mode 100644
index 0000000000..7c798f4534
--- /dev/null
+++ b/test/packages/other/runtime_fields/data_stream/logs/fields/base-fields.yml
@@ -0,0 +1,12 @@
+- name: data_stream.type
+ type: constant_keyword
+ description: Data stream type.
+- name: data_stream.dataset
+ type: constant_keyword
+ description: Data stream dataset.
+- name: data_stream.namespace
+ type: constant_keyword
+ description: Data stream namespace.
+- name: '@timestamp'
+ type: date
+ description: Event timestamp.
diff --git a/test/packages/other/runtime_fields/data_stream/logs/fields/fields.yml b/test/packages/other/runtime_fields/data_stream/logs/fields/fields.yml
new file mode 100644
index 0000000000..dbed2e68dc
--- /dev/null
+++ b/test/packages/other/runtime_fields/data_stream/logs/fields/fields.yml
@@ -0,0 +1,4 @@
+- name: input.type
+ type: keyword
+- name: log.offset
+ type: long
diff --git a/test/packages/other/runtime_fields/data_stream/logs/fields/runtime_fields.yml b/test/packages/other/runtime_fields/data_stream/logs/fields/runtime_fields.yml
new file mode 100644
index 0000000000..08e4988af7
--- /dev/null
+++ b/test/packages/other/runtime_fields/data_stream/logs/fields/runtime_fields.yml
@@ -0,0 +1,23 @@
+# Example with dynamic templates
+- name: labels.*
+ type: keyword
+ runtime: true
+- name: labels.a
+ type: text
+- name: metrics.day_of_week
+ type: keyword
+ runtime: "emit(doc['@timestamp'].value.dayOfWeekEnum.getDisplayName(TextStyle.FULL, Locale.ENGLISH))"
+- name: metrics
+ type: group
+ fields:
+ - name: day_of_week_german
+ type: keyword
+ runtime: "emit(doc['@timestamp'].value.dayOfWeekEnum.getDisplayName(TextStyle.FULL, Locale.GERMAN))"
+ - name: foo
+ type: keyword
+ runtime: true
+ - name: bar
+ type: long
+- name: day_of_week
+ type: keyword
+ runtime: "emit(doc['@timestamp'].value.dayOfWeekEnum.getDisplayName(TextStyle.FULL, Locale.ENGLISH))"
diff --git a/test/packages/other/runtime_fields/data_stream/logs/manifest.yml b/test/packages/other/runtime_fields/data_stream/logs/manifest.yml
new file mode 100644
index 0000000000..dbad4fe7db
--- /dev/null
+++ b/test/packages/other/runtime_fields/data_stream/logs/manifest.yml
@@ -0,0 +1,17 @@
+title: "Logs"
+type: logs
+streams:
+ - input: logfile
+ title: Sample logs
+ description: Collect sample logs
+ vars:
+ - name: paths
+ type: text
+ title: Paths
+ multi: true
+ default:
+ - /var/log/*.log
+elasticsearch:
+ index_template:
+ mappings:
+ subobjects: false
diff --git a/test/packages/other/runtime_fields/docs/README.md b/test/packages/other/runtime_fields/docs/README.md
new file mode 100644
index 0000000000..eb78b75d5e
--- /dev/null
+++ b/test/packages/other/runtime_fields/docs/README.md
@@ -0,0 +1,84 @@
+
+
+
+# Runtime Fields
+
+
+
+## Data streams
+
+
+
+
+
+
+
+
+
+
+
+## Requirements
+
+You need Elasticsearch for storing and searching your data and Kibana for visualizing and managing it.
+You can use our hosted Elasticsearch Service on Elastic Cloud, which is recommended, or self-manage the Elastic Stack on your own hardware.
+
+
+
+## Setup
+
+
+
+For step-by-step instructions on how to set up an integration, see the
+[Getting started](https://www.elastic.co/guide/en/welcome-to-elastic/current/getting-started-observability.html) guide.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/test/packages/other/runtime_fields/img/sample-logo.svg b/test/packages/other/runtime_fields/img/sample-logo.svg
new file mode 100644
index 0000000000..6268dd88f3
--- /dev/null
+++ b/test/packages/other/runtime_fields/img/sample-logo.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/test/packages/other/runtime_fields/img/sample-screenshot.png b/test/packages/other/runtime_fields/img/sample-screenshot.png
new file mode 100644
index 0000000000..d7a56a3ecc
Binary files /dev/null and b/test/packages/other/runtime_fields/img/sample-screenshot.png differ
diff --git a/test/packages/other/runtime_fields/manifest.yml b/test/packages/other/runtime_fields/manifest.yml
new file mode 100644
index 0000000000..eb116e7413
--- /dev/null
+++ b/test/packages/other/runtime_fields/manifest.yml
@@ -0,0 +1,36 @@
+format_version: 3.3.2
+name: runtime_fields
+title: "Runtime Fields"
+version: 0.0.1
+source:
+ license: "Elastic-2.0"
+description: "Runtime Fields test package"
+type: integration
+categories:
+ - custom
+conditions:
+ kibana:
+ version: "^8.17.2"
+ elastic:
+ subscription: "basic"
+screenshots:
+ - src: /img/sample-screenshot.png
+ title: Sample screenshot
+ size: 600x600
+ type: image/png
+icons:
+ - src: /img/sample-logo.svg
+ title: Sample logo
+ size: 32x32
+ type: image/svg+xml
+policy_templates:
+ - name: sample
+ title: Sample logs
+ description: Collect sample logs
+ inputs:
+ - type: logfile
+ title: Collect sample logs from instances
+ description: Collecting sample logs
+owner:
+ github: elastic/integrations
+ type: elastic
diff --git a/test/packages/other/runtime_fields/test-default-config.yml b/test/packages/other/runtime_fields/test-default-config.yml
new file mode 100644
index 0000000000..9d32b0c631
--- /dev/null
+++ b/test/packages/other/runtime_fields/test-default-config.yml
@@ -0,0 +1,5 @@
+vars: ~
+data_stream:
+ vars:
+ paths:
+ - "/usr/share/elastic-agent/state/data/logs/*"