Add a Network Zone drop-down to the Observability Hosts page

[mbudge]

Elastic-Agent can be deployed on multiple cloud providers, on-prem networks and data-centres. These networks can span multiple countries/regions/zones. Different network zones are often managed by different IT teams.

A managed service provider may have 100's/1000's of servers running in a data centre in multiple locations. A company may also use multiple cloud providers which host infrastructure in different regions/zones. On-prem networks can span across the globe when there a multiple sites in different countries. Security analysts and IT want to find Elastic-Agents in different network zones without having to refer to asset tracking spreadsheets.

To do this efficiently users need a way to select Elastic-Agents in under their control in a single field on the Observability > Infrastructure > Hosts page.

The zone tagging should be done using this feature in the Fleet policy settings

#179915

I recommend adding a new field to ECS to store the zone and environment tags, then add drop-down menu's to the Observability Hosts page to make it easier for IT to select Elastic-Agents in network zones they manage.

elastic/ecs#2306

Zone/environment tagging should be done to both logs/metrics data.

Where Elastic-Agent is collecting data from external/api based services, engineers should use the beats processes to overwrite the zone/environment tags. For example, an Elastic-Agent might be running in GCP, but the integration is collecting Azure logs data. The beats process would be used to overwrite event.zone:gcp with event.zone:azure. The zone tagging logic could also be built into the elastic managed integrations.

[elasticmachine]

Pinging @elastic/obs-ux-infra_services-team (Team:obs-ux-infra_services)