Skip to content

Commit

Permalink
Import ECS 1.0.1 (elastic#12284)
Browse files Browse the repository at this point in the history
  • Loading branch information
Mathieu Martin authored May 27, 2019
1 parent f195bcd commit 00e688a
Show file tree
Hide file tree
Showing 2 changed files with 27 additions and 3 deletions.
28 changes: 26 additions & 2 deletions docs/fields.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -1055,7 +1055,7 @@ Version of the agent.
== client fields
A client is defined as the initiator of a network connection for events regarding sessions, connections, or bidirectional flow records.
For TCP events, the client is the initiator of the TCP connection that sends the SYN packet(s). For other protocols, the client is generally the initiator or requestor in the network transaction. Some systems use the term "originator" to refer the client in TCP connections. The client fields describe details about the system acting as the client in the network event. Client fields are usually populated in conjunction with server fields. Client fields are generally not populated for packet-level events.
For TCP events, the client is the initiator of the TCP connection that sends the SYN packet(s). For other protocols, the client is generally the initiator or requestor in the network transaction. Some systems use the term "originator" to refer the client in TCP connections. The client fields describe details about the system acting as the client in the network event. Client fields are usually populated in conjunction with server fields. Client fields are generally not populated for packet-level events.
Client / server representations can add semantic context to an exchange, which is helpful to visualize the data in certain situations. If your context falls in that category, you should still ensure that source and destination are filled appropriately.
Expand Down Expand Up @@ -1216,6 +1216,8 @@ Packets sent from the client to the server.
--
type: long
format: string
Port of the client.
--
Expand Down Expand Up @@ -1597,6 +1599,8 @@ Packets sent from the destination to the source.
--
type: long
format: string
Port of the destination.
--
Expand Down Expand Up @@ -1895,6 +1899,8 @@ type: long
example: 7
format: string
Severity describes the original severity of the event. What the different severity values mean can very different between use cases. It's up to the implementer to make sure severities are consistent across events.
--
Expand Down Expand Up @@ -2598,6 +2604,8 @@ type: long
example: 404
format: string
HTTP response status code.
--
Expand Down Expand Up @@ -3163,6 +3171,10 @@ Sometimes called program name or similar.
--
type: long
example: 4242
format: string
Process id.
--
Expand All @@ -3172,7 +3184,11 @@ Process id.
--
type: long
Process parent id.
example: 4241
format: string
Parent process' pid.
--
Expand All @@ -3194,6 +3210,8 @@ type: long
example: 4242
format: string
Thread ID.
--
Expand Down Expand Up @@ -3401,6 +3419,8 @@ Packets sent from the server to the client.
--
type: long
format: string
Port of the server.
--
Expand Down Expand Up @@ -3717,6 +3737,8 @@ Packets sent from the source to the destination.
--
type: long
format: string
Port of the source.
--
Expand Down Expand Up @@ -3866,6 +3888,8 @@ type: long
example: 443
format: string
Port of the request, such as 443.
--
Expand Down
Loading

0 comments on commit 00e688a

Please sign in to comment.