container.yml

---
- name: container
  title: Container
  group: 2
  short: Fields describing the container that generated this event.
  description: >
    Container fields are used for meta information about the specific container
    that is the source of information.

    These fields help correlate data based containers from any runtime.
  type: group
  fields:

    - name: runtime
      level: extended
      type: keyword
      description: >
        Runtime managing this container.
      example: docker

    - name: id
      level: core
      type: keyword
      description: >
        Unique container id.

    - name: image.name
      level: extended
      type: keyword
      description: >
        Name of the image the container was built on.

    - name: image.tag
      level: extended
      type: keyword
      description: >
        Container image tag.

    - name: name
      level: extended
      type: keyword
      description: >
        Container name.

    - name: labels
      level: extended
      type: object
      object_type: keyword
      description: >
        Image labels.