Add minimal field set to represent groups
Mathieu Martin committed Nov 30, 2018
1 parent 025f7c7 commit 45d2936
Showing 5 changed files with 68 additions and 0 deletions.
12 changes: 12 additions & 0 deletions README.md
@@ -58,6 +58,7 @@ ECS defines these fields.
* [Event fields](#event)
* [File fields](#file)
* [Geo fields](#geo)
* [Group fields](#group)
* [Host fields](#host)
* [Log fields](#log)
* [Network fields](#network)
@@ -249,6 +250,17 @@ Note also that the `geo` fields are not expected to be used directly at the top
| <a name="geo.city_name"></a>geo.city_name | City name. | core | keyword | `Montreal` |


## <a name="group"></a> Group fields

The group fields are meant to represent groups that are relevant to the event.


| Field | Description | Level | Type | Example |
|---|---|---|---|---|
| <a name="group.id"></a>group.id | Unique identifier for the group on the system/platform. | core | keyword | |
| <a name="group.name"></a>group.name | Name of the group. | core | keyword | |


## <a name="host"></a> Host fields

Host fields provide information related to a host. A host can be a physical machine, a virtual machine, or a Docker container.
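Review bot: both new table rows leave the Example column empty, while the neighbouring `geo.city_name` row ships `Montreal`; add an example value for `group.id` and `group.name` so readers see the expected shape. The `group.id` description, "Unique identifier for the group on the system/platform", can also be read as globally unique; rewording it to say the identifier is unique only within the system or platform it was taken from would avoid that, since the same id on two hosts can denote unrelated groups.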
21 changes: 21 additions & 0 deletions fields.yml
@@ -660,6 +660,27 @@
City name.
example: Montreal

- name: group
title: Group
group: 2
description: >
The group fields are meant to represent groups that are relevant to the
event.
type: group
fields:

- name: id
level: core
type: keyword
description: >
Unique identifier for the group on the system/platform.
- name: name
level: core
type: keyword
description: >
Name of the group.
- name: host
title: Host
group: 2
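Review bot: this block is a verbatim copy of the new `schemas/group.yml` below; if `fields.yml` is generated from the files under `schemas/`, it is worth saying so in the commit message, otherwise the two copies will drift. Also, neither the `id` nor the `name` entry carries an `example:` value, unlike the `geo` field just above (`example: Montreal`), which is why the README and `schema.csv` rows in this commit end up with empty example cells.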
2 changes: 2 additions & 0 deletions schema.csv
@@ -70,6 +70,8 @@ geo.continent_name,keyword,core,North America
geo.country_iso_code,keyword,core,CA
geo.location,geo_point,core,"{ ""lon"": -73.614830, ""lat"": 45.505918 }"
geo.region_name,keyword,core,Quebec
group.id,keyword,core,
group.name,keyword,core,
host.architecture,keyword,core,x86_64
host.hostname,keyword,core,
host.id,keyword,core,
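Review bot: the two rows end in a trailing comma with an empty example column (`group.id,keyword,core,`), which matches the convention already used by `host.hostname` and `host.id`, and they keep the file's alphabetical order between `geo.*` and `host.*`; once examples are added to the schema definition, regenerate these rows rather than hand-editing them so the CSV stays in step with the source.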
21 changes: 21 additions & 0 deletions schemas/group.yml
@@ -0,0 +1,21 @@
---
- name: group
title: Group
group: 2
description: >
The group fields are meant to represent groups that are relevant to the
event.
type: group
fields:

- name: id
level: core
type: keyword
description: >
Unique identifier for the group on the system/platform.
- name: name
level: core
type: keyword
description: >
Name of the group.
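Review bot: `type: keyword` for `id` is the right choice even though Unix gids are numeric: group identifiers on other platforms are not numeric, and a keyword rules out range queries or aggregations over ids that mean different things on different hosts. It would help to state that scoping in the `description`; "on the system/platform" only implies that `group.id` has to be interpreted together with the host it was observed on.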
12 changes: 12 additions & 0 deletions template.json
@@ -334,6 +334,18 @@
}
}
},
"group": {
"properties": {
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"host": {
"properties": {
"architecture": {
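Review bot: this adds `group` only as a top-level object, with the same `keyword` plus `ignore_above: 1024` mapping the adjacent `host` fields use. The README hunk earlier in this commit notes that `geo` is not expected to be used directly at the top level but nested under other objects; if `group` is meant to work the same way (for instance, reused under another object), the mapping must also exist at those nested paths, and the README section should say which of the two is intended.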