Skip to content

Commit

Permalink
Import ECS 1.0.1 (#12284)
Browse files Browse the repository at this point in the history
  • Loading branch information
Mathieu Martin authored May 27, 2019
1 parent 44cfe34 commit 31a4da7
Show file tree
Hide file tree
Showing 18 changed files with 232 additions and 27 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.next.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d

- Update to Golang 1.12.1. {pull}11330[11330]
- Update to Golang 1.12.4. {pull}11782[11782]
- Update to ECS 1.0.1. {pull}12284[12284]

*Auditbeat*

Expand Down
28 changes: 26 additions & 2 deletions auditbeat/docs/fields.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -3055,7 +3055,7 @@ Version of the agent.
== client fields
A client is defined as the initiator of a network connection for events regarding sessions, connections, or bidirectional flow records.
For TCP events, the client is the initiator of the TCP connection that sends the SYN packet(s). For other protocols, the client is generally the initiator or requestor in the network transaction. Some systems use the term "originator" to refer the client in TCP connections. The client fields describe details about the system acting as the client in the network event. Client fields are usually populated in conjunction with server fields. Client fields are generally not populated for packet-level events.
For TCP events, the client is the initiator of the TCP connection that sends the SYN packet(s). For other protocols, the client is generally the initiator or requestor in the network transaction. Some systems use the term "originator" to refer the client in TCP connections. The client fields describe details about the system acting as the client in the network event. Client fields are usually populated in conjunction with server fields. Client fields are generally not populated for packet-level events.
Client / server representations can add semantic context to an exchange, which is helpful to visualize the data in certain situations. If your context falls in that category, you should still ensure that source and destination are filled appropriately.
Expand Down Expand Up @@ -3216,6 +3216,8 @@ Packets sent from the client to the server.
--
type: long
format: string
Port of the client.
--
Expand Down Expand Up @@ -3597,6 +3599,8 @@ Packets sent from the destination to the source.
--
type: long
format: string
Port of the destination.
--
Expand Down Expand Up @@ -3895,6 +3899,8 @@ type: long
example: 7
format: string
Severity describes the original severity of the event. What the different severity values mean can very different between use cases. It's up to the implementer to make sure severities are consistent across events.
--
Expand Down Expand Up @@ -4598,6 +4604,8 @@ type: long
example: 404
format: string
HTTP response status code.
--
Expand Down Expand Up @@ -5163,6 +5171,10 @@ Sometimes called program name or similar.
--
type: long
example: 4242
format: string
Process id.
--
Expand All @@ -5172,7 +5184,11 @@ Process id.
--
type: long
Process parent id.
example: 4241
format: string
Parent process' pid.
--
Expand All @@ -5194,6 +5210,8 @@ type: long
example: 4242
format: string
Thread ID.
--
Expand Down Expand Up @@ -5401,6 +5419,8 @@ Packets sent from the server to the client.
--
type: long
format: string
Port of the server.
--
Expand Down Expand Up @@ -5717,6 +5737,8 @@ Packets sent from the source to the destination.
--
type: long
format: string
Port of the source.
--
Expand Down Expand Up @@ -5866,6 +5888,8 @@ type: long
example: 443
format: string
Port of the request, such as 443.
--
Expand Down
2 changes: 1 addition & 1 deletion auditbeat/include/fields.go

Large diffs are not rendered by default.

28 changes: 26 additions & 2 deletions filebeat/docs/fields.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -1608,7 +1608,7 @@ Version of the agent.
== client fields
A client is defined as the initiator of a network connection for events regarding sessions, connections, or bidirectional flow records.
For TCP events, the client is the initiator of the TCP connection that sends the SYN packet(s). For other protocols, the client is generally the initiator or requestor in the network transaction. Some systems use the term "originator" to refer the client in TCP connections. The client fields describe details about the system acting as the client in the network event. Client fields are usually populated in conjunction with server fields. Client fields are generally not populated for packet-level events.
For TCP events, the client is the initiator of the TCP connection that sends the SYN packet(s). For other protocols, the client is generally the initiator or requestor in the network transaction. Some systems use the term "originator" to refer the client in TCP connections. The client fields describe details about the system acting as the client in the network event. Client fields are usually populated in conjunction with server fields. Client fields are generally not populated for packet-level events.
Client / server representations can add semantic context to an exchange, which is helpful to visualize the data in certain situations. If your context falls in that category, you should still ensure that source and destination are filled appropriately.
Expand Down Expand Up @@ -1769,6 +1769,8 @@ Packets sent from the client to the server.
--
type: long
format: string
Port of the client.
--
Expand Down Expand Up @@ -2150,6 +2152,8 @@ Packets sent from the destination to the source.
--
type: long
format: string
Port of the destination.
--
Expand Down Expand Up @@ -2448,6 +2452,8 @@ type: long
example: 7
format: string
Severity describes the original severity of the event. What the different severity values mean can very different between use cases. It's up to the implementer to make sure severities are consistent across events.
--
Expand Down Expand Up @@ -3151,6 +3157,8 @@ type: long
example: 404
format: string
HTTP response status code.
--
Expand Down Expand Up @@ -3716,6 +3724,10 @@ Sometimes called program name or similar.
--
type: long
example: 4242
format: string
Process id.
--
Expand All @@ -3725,7 +3737,11 @@ Process id.
--
type: long
Process parent id.
example: 4241
format: string
Parent process' pid.
--
Expand All @@ -3747,6 +3763,8 @@ type: long
example: 4242
format: string
Thread ID.
--
Expand Down Expand Up @@ -3954,6 +3972,8 @@ Packets sent from the server to the client.
--
type: long
format: string
Port of the server.
--
Expand Down Expand Up @@ -4270,6 +4290,8 @@ Packets sent from the source to the destination.
--
type: long
format: string
Port of the source.
--
Expand Down Expand Up @@ -4419,6 +4441,8 @@ type: long
example: 443
format: string
Port of the request, such as 443.
--
Expand Down
2 changes: 1 addition & 1 deletion filebeat/include/fields.go

Large diffs are not rendered by default.

28 changes: 26 additions & 2 deletions heartbeat/docs/fields.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -478,7 +478,7 @@ Version of the agent.
== client fields
A client is defined as the initiator of a network connection for events regarding sessions, connections, or bidirectional flow records.
For TCP events, the client is the initiator of the TCP connection that sends the SYN packet(s). For other protocols, the client is generally the initiator or requestor in the network transaction. Some systems use the term "originator" to refer the client in TCP connections. The client fields describe details about the system acting as the client in the network event. Client fields are usually populated in conjunction with server fields. Client fields are generally not populated for packet-level events.
For TCP events, the client is the initiator of the TCP connection that sends the SYN packet(s). For other protocols, the client is generally the initiator or requestor in the network transaction. Some systems use the term "originator" to refer the client in TCP connections. The client fields describe details about the system acting as the client in the network event. Client fields are usually populated in conjunction with server fields. Client fields are generally not populated for packet-level events.
Client / server representations can add semantic context to an exchange, which is helpful to visualize the data in certain situations. If your context falls in that category, you should still ensure that source and destination are filled appropriately.
Expand Down Expand Up @@ -639,6 +639,8 @@ Packets sent from the client to the server.
--
type: long
format: string
Port of the client.
--
Expand Down Expand Up @@ -1020,6 +1022,8 @@ Packets sent from the destination to the source.
--
type: long
format: string
Port of the destination.
--
Expand Down Expand Up @@ -1318,6 +1322,8 @@ type: long
example: 7
format: string
Severity describes the original severity of the event. What the different severity values mean can very different between use cases. It's up to the implementer to make sure severities are consistent across events.
--
Expand Down Expand Up @@ -2021,6 +2027,8 @@ type: long
example: 404
format: string
HTTP response status code.
--
Expand Down Expand Up @@ -2586,6 +2594,10 @@ Sometimes called program name or similar.
--
type: long
example: 4242
format: string
Process id.
--
Expand All @@ -2595,7 +2607,11 @@ Process id.
--
type: long
Process parent id.
example: 4241
format: string
Parent process' pid.
--
Expand All @@ -2617,6 +2633,8 @@ type: long
example: 4242
format: string
Thread ID.
--
Expand Down Expand Up @@ -2824,6 +2842,8 @@ Packets sent from the server to the client.
--
type: long
format: string
Port of the server.
--
Expand Down Expand Up @@ -3140,6 +3160,8 @@ Packets sent from the source to the destination.
--
type: long
format: string
Port of the source.
--
Expand Down Expand Up @@ -3289,6 +3311,8 @@ type: long
example: 443
format: string
Port of the request, such as 443.
--
Expand Down
2 changes: 1 addition & 1 deletion heartbeat/include/fields.go

Large diffs are not rendered by default.

Loading

0 comments on commit 31a4da7

Please sign in to comment.