Merge pull request #67 from danieldong51/sample_http

Add sample files for user_agent

docs/schema/observability/logs/sample/http/http.json

@@ -13,6 +13,19 @@
  "status_code": 200
  },
  "url": "http://www.example.com:80/",
- "schema": "http"
+ "schema": "http",
+ "user_agent": {
+ "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36",
+ "name": "Chrome",
+ "version": "114.0.0",
+ "os": {
+ "name": "Mac OS X",
+ "full": "Mac OS X 10.15.7",
+ "version": "10.15.7",
+ "device": {
+ "name": "Mac"
+ }
+ }
+ }
  }
 }

docs/schema/observability/logs/sample/http/http_server-log.json

@@ -7,7 +7,19 @@
  "schema": "https",
  "route": "https",
  "client.ip": "192.0.2.4",
- "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"
+ "user_agent": {
+ "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36",
+ "name": "Chrome",
+ "version": "114.0.0",
+ "os": {
+ "name": "Mac OS X",
+ "full": "Mac OS X 10.15.7",
+ "version": "10.15.7",
+ "device": {
+ "name": "Mac"
+ }
+ }
+ }
  },
  "source": {
  "domain": "example.com",

docs/schema/observability/logs/url.md

@@ -0,0 +1,33 @@
+# Observability Category: URL Log Fields
+
+The URL-based field set described here provide a comprehensive and structured representation of URLs.
+
+## Field Names and Types
+
+| Field Name | Type |
+|------------------------|---------|
+| url.original | keyword |
+| url.full | keyword |
+| url.scheme | keyword |
+| url.domain | keyword |
+| url.top_level_domain | keyword |
+| url.registered_domain | keyword |
+| url.subdomain | keyword |
+| url.port | long |
+| url.path | keyword |
+| url.query | keyword |
+| url.fragment | keyword |
+
+## Field Explanations
+
+- **url.original**: The original URL as it was observed.
+- **url.full**: The full URL, may be reconstructed.
+- **url.scheme**: The scheme of the request.
+- **url.domain**: Domain of the URL.
+- **url.top_level_domain**: The type of organization the website is registered to.
+- **url.registered_domain**: The highest level registered url domain.
+- **url.subdomain**: The type of resource.
+- **url.port**: The type of service requested, the port number.
+- **url.path**: The exact location of the web page.
+- **url.query**: The parameters of the data being queried from a website.
+- **url.fragment**: The fragment of the url.

schema/observability/logs/url.dictionary

@@ -73,7 +73,7 @@
  "description": "Path of the request, such as \"/search\".\n",
  "examples": null,
  "object_name": "path",
- "object_type": "wildcard"
+ "object_type": "keyword"
  },
  "url.query": {
  "category": "url",
@@ -83,37 +83,13 @@
  "object_name": "query",
  "object_type": "keyword"
  },
- "url.extension": {
- "category": "url",
- "component": "extension",
- "description": "The field contains the file extension from the original request url, excluding the leading dot.\nThe file extension is only set if it exists, as not every url has a file extension.\nThe leading period must not be included. For example, the value must be \"png\", not \".png\".\nNote that when the file name has multiple extensions (example.tar.gz), only the last one should be captured (\"gz\", not \"tar.gz\").\n",
- "examples": "png",
- "object_name": "extension",
- "object_type": "keyword"
- },
  "url.fragment": {
  "category": "url",
  "component": "fragment",
  "description": "Portion of the url after the `#`, such as \"top\".\nThe `#` is not part of the fragment.\n",
  "examples": null,
  "object_name": "fragment",
  "object_type": "keyword"
- },
- "url.username": {
- "category": "url",
- "component": "username",
- "description": "Username of the request.\n",
- "examples": null,
- "object_name": "username",
- "object_type": "keyword"
- },
- "url.password": {
- "category": "url",
- "component": "password",
- "description": "Password of the request.\n",
- "examples": null,
- "object_name": "password",
- "object_type": "keyword"
  }
  }
  ]

schema/observability/logs/url.mapping

@@ -11,10 +11,10 @@
  "url": {
  "properties": {
  "original": {
- "type": "wildcard"
+ "type": "keyword"
  },
  "full": {
- "type": "wildcard"
+ "type": "keyword"
  },
  "scheme": {
  "type": "keyword"
@@ -35,22 +35,13 @@
  "type": "long"
  },
  "path": {
- "type": "wildcard"
- },
- "query": {
  "type": "keyword"
  },
- "extension": {
+ "query": {
  "type": "keyword"
  },
  "fragment": {
  "type": "keyword"
- },
- "username": {
- "type": "keyword"
- },
- "password": {
- "type": "keyword"
  }
  }
  }