elastic · ruflin · Aug 10, 2018
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,6 +8,7 @@ All notable changes to this project will be documented in this file based on the
 * Change structure of URL. #7
 * Rename `url.href` `multi_field`. #18
 * Rename `geoip.*` to `geo`.
+* Rename `destination.hostname`, `device.hostname` and `source.hostname` to `*.host.name` to be consitent with the host object.
 
 ### Bugfixes
 

diff --git a/README.md b/README.md
@@ -119,7 +119,7 @@ Destination fields describe details about the destination of a packet/event.
 | Field | Description | Type | Multi Field | Example |
 |---|---|---|---|---|
 | <a name="destination.ip"></a>destination.ip | IP address of the destination.<br/>Can be one or multiple IPv4 or IPv6 addresses. | ip | | |
-| <a name="destination.hostname"></a>destination.hostname | Hostname of the destination. | keyword | | |
+| <a name="destination.host.name"></a>destination.host.name | Hostname of the destination. | keyword | | |
 | <a name="destination.port"></a>destination.port | Port of the destination. | long | | |
 | <a name="destination.mac"></a>destination.mac | MAC address of the destination. | keyword | | |
 | <a name="destination.domain"></a>destination.domain | Destination domain. | keyword | | |
@@ -135,7 +135,7 @@ Device fields are used to provide additional information about the device that i
 |---|---|---|---|---|
 | <a name="device.mac"></a>device.mac | MAC address of the device | keyword | | |
 | <a name="device.ip"></a>device.ip | IP address of the device. | ip | | |
-| <a name="device.hostname"></a>device.hostname | Hostname of the device. | keyword | | |
+| <a name="device.host.name"></a>device.host.name | Hostname of the device. | keyword | | |
 | <a name="device.vendor"></a>device.vendor | Device vendor information. | text | | |
 | <a name="device.version"></a>device.version | Device version. | keyword | | |
 | <a name="device.serial_number"></a>device.serial_number | Device serial number. | keyword | | |
@@ -358,7 +358,7 @@ Source fields describe details about the source of the event.
 | Field | Description | Type | Multi Field | Example |
 |---|---|---|---|---|
 | <a name="source.ip"></a>source.ip | IP address of the source.<br/>Can be one or multiple IPv4 or IPv6 addresses. | ip | | |
-| <a name="source.hostname"></a>source.hostname | Hostname of the source. | keyword | | |
+| <a name="source.host.name"></a>source.host.name | Hostname of the source. | keyword | | |
 | <a name="source.port"></a>source.port | Port of the source. | long | | |
 | <a name="source.mac"></a>source.mac | MAC address of the source. | keyword | | |
 | <a name="source.domain"></a>source.domain | Source domain. | keyword | | |

diff --git a/schema.csv b/schema.csv
@@ -21,12 +21,12 @@ container.labels,object,0,
 container.name,keyword,0,
 container.runtime,keyword,0,docker
 destination.domain,keyword,1,
-destination.hostname,keyword,0,
+destination.host.name,keyword,0,
 destination.ip,ip,0,
 destination.mac,keyword,0,
 destination.port,long,0,
 destination.subdomain,keyword,1,
-device.hostname,keyword,0,
+device.host.name,keyword,0,
 device.ip,ip,0,
 device.mac,keyword,0,
 device.serial_number,keyword,0,
@@ -121,7 +121,7 @@ service.state,keyword,1,
 service.type,keyword,1,
 service.version,keyword,1,3.2.4
 source.domain,keyword,1,
-source.hostname,keyword,0,
+source.host.name,keyword,0,
 source.ip,ip,0,
 source.mac,keyword,1,
 source.port,long,1,

diff --git a/schemas/destination.yml b/schemas/destination.yml
@@ -12,7 +12,7 @@
  IP address of the destination.
 
  Can be one or multiple IPv4 or IPv6 addresses.
- - name: hostname
+ - name: host.name
  type: keyword
  description: >
  Hostname of the destination.

diff --git a/schemas/device.yml b/schemas/device.yml
@@ -14,7 +14,7 @@
  type: ip
  description: >
  IP address of the device.
- - name: hostname
+ - name: host.name
  type: keyword
  description: >
  Hostname of the device.

diff --git a/schemas/source.yml b/schemas/source.yml
@@ -11,7 +11,7 @@
  IP address of the source.
 
  Can be one or multiple IPv4 or IPv6 addresses.
- - name: hostname
+ - name: host.name
  type: keyword
  description: >
  Hostname of the source.

diff --git a/template.json b/template.json
@@ -124,9 +124,13 @@
  "ignore_above": 1024,
  "type": "keyword"
  },
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
+ "host": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
  },
  "ip": {
  "type": "ip"
@@ -146,9 +150,13 @@
  },
  "device": {
  "properties": {
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
+ "host": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
  },
  "ip": {
  "type": "ip"
@@ -627,9 +635,13 @@
  "ignore_above": 1024,
  "type": "keyword"
  },
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
+ "host": {
+ "properties": {
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
  },
  "ip": {
  "type": "ip"