Format port numbers and numeric IDs as strings #454

Merged
merged 4 commits into from
May 22, 2019
1 change: 1 addition & 0 deletions CHANGELOG.next.md
Expand Up @@ -18,6 +18,7 @@

### Improvements

* Format port numbers and numeric IDs as strings. #454
* Added examples and improved definitions of many `file` fields. #441

### Deprecated
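Review bot: the new CHANGELOG line "Format port numbers and numeric IDs as strings" reads like a type change, but the schema hunks in this PR keep `type: long` and only add `format: string` next to it. Suggest wording the entry so it says the field type is unchanged (for example "Set `format: string` on port and numeric ID fields; the type stays `long`"), so that anyone with range queries or detection rules on ports and PIDs does not expect a mapping change. The entry could also name `event.severity`, `event.sequence` and `http.response.status_code`, which this PR covers but which are neither ports nor IDs.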
12 changes: 12 additions & 0 deletions generated/beats/fields.ecs.yml
Expand Up @@ -223,6 +223,7 @@
- name: port
level: core
type: long
format: string
description: Port of the client.
- name: user.email
level: extended
Expand Down Expand Up @@ -463,6 +464,7 @@
- name: port
level: core
type: long
format: string
description: Port of the destination.
- name: user.email
level: extended
Expand Down Expand Up @@ -719,13 +721,15 @@
- name: sequence
level: extended
type: long
format: string
description: 'Sequence number of the event.

The sequence number is a value published by some event sources, to make the
exact ordering of events unambiguous, regarless of the timestamp precision.'
- name: severity
level: core
type: long
format: string
description: Severity describes the original severity of the event. What the
different severity values mean can very different between use cases. It's
up to the implementer to make sure severities are consistent across events.
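Review bot: the `event.sequence` and `event.severity` descriptions in this hunk's context carry typos that are repeated in every generated file: "regarless" should be "regardless", and "can very different" should be "can be very different". Since this PR already edits both entries in schemas/event.yml, fix the source text there and regenerate.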
Expand Down Expand Up @@ -1189,6 +1193,7 @@
- name: response.status_code
level: extended
type: long
format: string
description: HTTP response status code.
example: 404
- name: version
Expand Down Expand Up @@ -1580,14 +1585,17 @@
- name: pgid
level: extended
type: long
format: string
description: Identifier of the group of processes the process belongs to.
- name: pid
level: core
type: long
format: string
description: Process id.
- name: ppid
level: extended
type: long
format: string
description: Process parent id.
- name: start
level: extended
Expand All @@ -1597,6 +1605,7 @@
- name: thread.id
level: extended
type: long
format: string
description: Thread ID.
example: 4242
- name: title
Expand Down Expand Up @@ -1746,6 +1755,7 @@
- name: port
level: core
type: long
format: string
description: Port of the server.
- name: user.email
level: extended
Expand Down Expand Up @@ -1960,6 +1970,7 @@
- name: port
level: core
type: long
format: string
description: Port of the source.
- name: user.email
level: extended
Expand Down Expand Up @@ -2057,6 +2068,7 @@
- name: port
level: extended
type: long
format: string
description: Port of the request, such as 443.
example: 443
- name: query
12 changes: 12 additions & 0 deletions generated/ecs/ecs_flat.yml
Expand Up @@ -237,6 +237,7 @@ client.packets:
client.port:
description: Port of the client.
flat_name: client.port
format: string
level: core
name: port
order: 2
Expand Down Expand Up @@ -603,6 +604,7 @@ destination.packets:
destination.port:
description: Port of the destination.
flat_name: destination.port
format: string
level: core
name: port
order: 2
Expand Down Expand Up @@ -954,6 +956,7 @@ event.sequence:
The sequence number is a value published by some event sources, to make the exact
ordering of events unambiguous, regarless of the timestamp precision.'
flat_name: event.sequence
format: string
level: extended
name: sequence
order: 14
Expand All @@ -965,6 +968,7 @@ event.severity:
to make sure severities are consistent across events.
example: '7'
flat_name: event.severity
format: string
level: core
name: severity
order: 10
Expand Down Expand Up @@ -1664,6 +1668,7 @@ http.response.status_code:
description: HTTP response status code.
example: 404
flat_name: http.response.status_code
format: string
level: extended
name: response.status_code
order: 3
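Review bot: `example: 404` on `http.response.status_code` is an unquoted number, while `event.severity` in this same file uses a quoted `example: '7'`. With `format: string` now set on both, pick one convention for examples on numeric fields in the schema source so the generated output is consistent.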
Expand Down Expand Up @@ -2230,6 +2235,7 @@ process.name:
process.pgid:
description: Identifier of the group of processes the process belongs to.
flat_name: process.pgid
format: string
level: extended
name: pgid
order: 3
Expand All @@ -2239,6 +2245,7 @@ process.pid:
description: Process id.
exmple: ssh
flat_name: process.pid
format: string
level: core
name: pid
order: 0
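Review bot: the `process.pid` entry in this hunk's context contains `exmple: ssh`, a misspelt key whose value is a process name rather than a PID. It is not introduced by this PR, but the entry is being edited here, so it is worth correcting in schemas/process.yml: either drop the line or replace it with a correctly spelt `example` holding a numeric value, then regenerate.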
Expand All @@ -2247,6 +2254,7 @@ process.pid:
process.ppid:
description: Process parent id.
flat_name: process.ppid
format: string
level: extended
name: ppid
order: 2
Expand All @@ -2265,6 +2273,7 @@ process.thread.id:
description: Thread ID.
example: 4242
flat_name: process.thread.id
format: string
level: extended
name: thread.id
order: 7
Expand Down Expand Up @@ -2457,6 +2466,7 @@ server.packets:
server.port:
description: Port of the server.
flat_name: server.port
format: string
level: core
name: port
order: 2
Expand Down Expand Up @@ -2781,6 +2791,7 @@ source.packets:
source.port:
description: Port of the source.
flat_name: source.port
format: string
level: core
name: port
order: 2
Expand Down Expand Up @@ -2944,6 +2955,7 @@ url.port:
description: Port of the request, such as 443.
example: 443
flat_name: url.port
format: string
level: extended
name: port
order: 4
12 changes: 12 additions & 0 deletions generated/ecs/ecs_nested.yml
Expand Up @@ -327,6 +327,7 @@ client:
port:
description: Port of the client.
flat_name: client.port
format: string
level: core
name: port
order: 2
Expand Down Expand Up @@ -734,6 +735,7 @@ destination:
port:
description: Port of the destination.
flat_name: destination.port
format: string
level: core
name: port
order: 2
Expand Down Expand Up @@ -1130,6 +1132,7 @@ event:
The sequence number is a value published by some event sources, to make the
exact ordering of events unambiguous, regarless of the timestamp precision.'
flat_name: event.sequence
format: string
level: extended
name: sequence
order: 14
Expand All @@ -1141,6 +1144,7 @@ event:
up to the implementer to make sure severities are consistent across events.
example: '7'
flat_name: event.severity
format: string
level: core
name: severity
order: 10
Expand Down Expand Up @@ -1920,6 +1924,7 @@ http:
description: HTTP response status code.
example: 404
flat_name: http.response.status_code
format: string
level: extended
name: response.status_code
order: 3
Expand Down Expand Up @@ -2542,6 +2547,7 @@ process:
pgid:
description: Identifier of the group of processes the process belongs to.
flat_name: process.pgid
format: string
level: extended
name: pgid
order: 3
Expand All @@ -2551,6 +2557,7 @@ process:
description: Process id.
exmple: ssh
flat_name: process.pid
format: string
level: core
name: pid
order: 0
Expand All @@ -2559,6 +2566,7 @@ process:
ppid:
description: Process parent id.
flat_name: process.ppid
format: string
level: extended
name: ppid
order: 2
Expand All @@ -2577,6 +2585,7 @@ process:
description: Thread ID.
example: 4242
flat_name: process.thread.id
format: string
level: extended
name: thread.id
order: 7
Expand Down Expand Up @@ -2810,6 +2819,7 @@ server:
port:
description: Port of the server.
flat_name: server.port
format: string
level: core
name: port
order: 2
Expand Down Expand Up @@ -3160,6 +3170,7 @@ source:
port:
description: Port of the source.
flat_name: source.port
format: string
level: core
name: port
order: 2
Expand Down Expand Up @@ -3327,6 +3338,7 @@ url:
description: Port of the request, such as 443.
example: 443
flat_name: url.port
format: string
level: extended
name: port
order: 4
1 change: 1 addition & 0 deletions schemas/client.yml
Expand Up @@ -41,6 +41,7 @@
Can be one or multiple IPv4 or IPv6 addresses.

- name: port
format: string
level: core
type: long
description: >
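Review bot: `format: string` directly above `type: long` looks contradictory to someone reading the schema file, and none of the files changed in this PR documents what the `format` key means or which values it accepts. Suggest adding a short description of the key to the schema documentation, or a one-line comment on its first use here, stating that it does not change the field's type. The same applies to the other schemas/*.yml hunks.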
1 change: 1 addition & 0 deletions schemas/destination.yml
Expand Up @@ -32,6 +32,7 @@
Can be one or multiple IPv4 or IPv6 addresses.

- name: port
format: string
level: core
type: long
description: >
2 changes: 2 additions & 0 deletions schemas/event.yml
Expand Up @@ -143,6 +143,7 @@
example: kernel

- name: severity
format: string
level: core
type: long
example: "7"
Expand Down Expand Up @@ -195,6 +196,7 @@
difference between the end and start time.

- name: sequence
format: string
level: extended
type: long
short: Sequence number of the event.
1 change: 1 addition & 0 deletions schemas/http.yml
Expand Up @@ -34,6 +34,7 @@
example: https://blog.example.com/

- name: response.status_code
format: string
level: extended
type: long
description: >
4 changes: 4 additions & 0 deletions schemas/process.yml
Expand Up @@ -13,6 +13,7 @@
fields:

- name: pid
format: string
level: core
type: long
description: >
Expand All @@ -30,12 +31,14 @@
example: ssh

- name: ppid
format: string
level: extended
type: long
description: >
Process parent id.

- name: pgid
format: string
level: extended
type: long
description: >
Expand Down Expand Up @@ -69,6 +72,7 @@
for example a browser setting its title to the web page currently opened.

- name: thread.id
format: string
level: extended
type: long
example: 4242
1 change: 1 addition & 0 deletions schemas/server.yml
Expand Up @@ -41,6 +41,7 @@
Can be one or multiple IPv4 or IPv6 addresses.

- name: port
format: string
level: core
type: long
description: >
1 change: 1 addition & 0 deletions schemas/source.yml
Expand Up @@ -32,6 +32,7 @@
Can be one or multiple IPv4 or IPv6 addresses.

- name: port
format: string
level: core
type: long
description: >
1 change: 1 addition & 0 deletions schemas/url.yml
Expand Up @@ -55,6 +55,7 @@
example: www.elastic.co

- name: port
format: string
level: extended
type: long
description: >