[WIP] Import ECS 1.0.0 Beta 1 field definitions #9014

Closed
wants to merge 16 commits into from
Changes from 14 commits
794 changes: 515 additions & 279 deletions auditbeat/docs/fields.asciidoc

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion auditbeat/include/fields.go

Large diffs are not rendered by default.

76 changes: 76 additions & 0 deletions filebeat/_meta/fields.common.yml
Expand Up @@ -95,8 +95,84 @@
- name: user_agent
type: group
fields:

- name: os
type: group
fields:
- name: full_name
type: keyword

# Following user_agent.os field definitions below are temporary, until user_agent makes its way back into ECS again.
# See https://github.com/elastic/ecs/pull/172
- name: platform
level: extended
type: keyword
description: >
Operating system platform (such centos, ubuntu, windows).
example: darwin

- name: name
level: extended
type: keyword
example: "Mac OS X"
description: >
Operating system name.

- name: family
level: extended
type: keyword
example: "debian"
description: >
OS family (such as redhat, debian, freebsd, windows).

- name: version
level: extended
type: keyword
example: "10.12.6-rc2"
description: >
Operating system version as a raw string.

- name: kernel
level: extended
type: keyword
example: "4.4.0-112-generic"
description: >
Operating system kernel version as a raw string.

# User agent field definitions below are temporary, until they make their way into ECS again.
# See https://github.com/elastic/ecs/pull/172
- name: original
type: keyword
description: >
Unparsed version of the user_agent.

- name: device
type: keyword
description: >
Name of the physical device.

- name: version
type: keyword
description: >
Version of the physical device.

- name: major
type: long
description: >
Major version of the user agent.

- name: minor
type: long
description: >
Minor version of the user agent.

- name: patch
type: keyword
description: >
Patch version of the user agent.

- name: name
type: keyword
example: Chrome
description: >
Name of the user agent.
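Review bot: the second `- name: version` entry (the one following `- name: device`) is described as "Version of the physical device", but `device` is declared `type: keyword` rather than `group`, so this entry is a sibling of `device` and maps to `user_agent.version`; the description should probably read "Version of the user agent" to match the neighbouring `major`, `minor` and `patch` entries. In the same block, `major` and `minor` are `long` while `patch` is `keyword`; if that is deliberate (for non-numeric patch strings), say so in the description, because numeric comparisons that work on the first two parts will not work on the third. The temporary `user_agent.os.*` entries carry `level: extended` while the `user_agent.*` entries below them have no `level` at all, and the `platform` description is missing a word ("such centos" should be "such as centos").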