fields.asciidoc

{ecs} Fields

Field Sets

Field Set	Description
Base	All fields defined directly at the top level
Agent	Fields about the monitoring agent.
Client	Fields about the client side of a network connection, used with server.
Cloud	Fields about the cloud resource.
Container	Fields describing the container that generated this event.
Destination	Fields about the destination side of a network connection, used with source.
ECS	Meta-information specific to ECS.
Error	Fields about errors of any kind.
Event	Fields breaking down the event details.
File	Fields describing files.
Geo	Fields describing a location.
Group	User’s group relevant to the event.
Host	Fields describing the relevant computing instance.
HTTP	Fields describing an HTTP request.
Log	Fields which are specific to log events.
Network	Fields describing the communication path over which the event happened.
Observer	Fields describing an entity observing the event from outside the host.
Organization	Fields describing the organization or company the event is associated with.
Operating System	OS fields contain information about the operating system.
Process	These fields contain information about a process.
Related	Fields meant to facilitate pivoting around a piece of data.
Server	Fields about the server side of a network connection, used with client.
Service	Fields describing the service for or from which the data was collected.
Source	Fields about the source side of a network connection, used with destination.
URL	Fields that let you store URLs in various forms.
User	Fields to describe the user relevant to the event.
User agent	Fields to describe a browser user_agent string.