diff --git a/CHANGELOG.next.md b/CHANGELOG.next.md index 7ee664ae51..8e818d2378 100644 --- a/CHANGELOG.next.md +++ b/CHANGELOG.next.md @@ -46,6 +46,7 @@ Thanks, you're awesome :-) --> #### Improvements * Swap `Location` and `Field Set` columns in `Field Reuse` table for better readability. #1472, #1476 +* Use a bullet points to list field reuses. #1473 #### Deprecated diff --git a/docs/field-details.asciidoc b/docs/field-details.asciidoc index e568028909..1c5495e485 100644 --- a/docs/field-details.asciidoc +++ b/docs/field-details.asciidoc @@ -278,7 +278,17 @@ example: `Google LLC` [discrete] ==== Field Reuse -The `as` fields are expected to be nested at: `client.as`, `destination.as`, `server.as`, `source.as`. +The `as` fields are expected to be nested at: + + +* `client.as` + +* `destination.as` + +* `server.as` + +* `source.as` + Note also that the `as` fields are not expected to be used directly at the root of the events. @@ -896,7 +906,15 @@ example: `true` [discrete] ==== Field Reuse -The `code_signature` fields are expected to be nested at: `dll.code_signature`, `file.code_signature`, `process.code_signature`. +The `code_signature` fields are expected to be nested at: + + +* `dll.code_signature` + +* `file.code_signature` + +* `process.code_signature` + Note also that the `code_signature` fields are not expected to be used directly at the root of the events. @@ -2353,7 +2371,13 @@ type: keyword [discrete] ==== Field Reuse -The `elf` fields are expected to be nested at: `file.elf`, `process.elf`. +The `elf` fields are expected to be nested at: + + +* `file.elf` + +* `process.elf` + Note also that the `elf` fields are not expected to be used directly at the root of the events. @@ -3649,7 +3673,21 @@ example: `America/Argentina/Buenos_Aires` [discrete] ==== Field Reuse -The `geo` fields are expected to be nested at: `client.geo`, `destination.geo`, `host.geo`, `observer.geo`, `server.geo`, `source.geo`. +The `geo` fields are expected to be nested at: + + +* `client.geo` + +* `destination.geo` + +* `host.geo` + +* `observer.geo` + +* `server.geo` + +* `source.geo` + Note also that the `geo` fields are not expected to be used directly at the root of the events. @@ -3725,7 +3763,11 @@ type: keyword [discrete] ==== Field Reuse -The `group` fields are expected to be nested at: `user.group`. +The `group` fields are expected to be nested at: + + +* `user.group` + Note also that the `group` fields may be used directly at the root of the events. @@ -3835,7 +3877,15 @@ type: keyword [discrete] ==== Field Reuse -The `hash` fields are expected to be nested at: `dll.hash`, `file.hash`, `process.hash`. +The `hash` fields are expected to be nested at: + + +* `dll.hash` + +* `file.hash` + +* `process.hash` + Note also that the `hash` fields are not expected to be used directly at the root of the events. @@ -4495,7 +4545,13 @@ example: `eth0` [discrete] ==== Field Reuse -The `interface` fields are expected to be nested at: `observer.egress.interface`, `observer.ingress.interface`. +The `interface` fields are expected to be nested at: + + +* `observer.egress.interface` + +* `observer.ingress.interface` + Note also that the `interface` fields are not expected to be used directly at the root of the events. @@ -5695,7 +5751,15 @@ example: `10.14.1` [discrete] ==== Field Reuse -The `os` fields are expected to be nested at: `host.os`, `observer.os`, `user_agent.os`. +The `os` fields are expected to be nested at: + + +* `host.os` + +* `observer.os` + +* `user_agent.os` + Note also that the `os` fields are not expected to be used directly at the root of the events. @@ -6065,7 +6129,15 @@ example: `Microsoft® Windows® Operating System` [discrete] ==== Field Reuse -The `pe` fields are expected to be nested at: `dll.pe`, `file.pe`, `process.pe`. +The `pe` fields are expected to be nested at: + + +* `dll.pe` + +* `file.pe` + +* `process.pe` + Note also that the `pe` fields are not expected to be used directly at the root of the events. @@ -6398,7 +6470,11 @@ example: `/home/alice` [discrete] ==== Field Reuse -The `process` fields are expected to be nested at: `process.parent`. +The `process` fields are expected to be nested at: + + +* `process.parent` + Note also that the `process` fields may be used directly at the root of the events. @@ -8991,7 +9067,25 @@ example: `["kibana_admin", "reporting_user"]` [discrete] ==== Field Reuse -The `user` fields are expected to be nested at: `client.user`, `destination.user`, `host.user`, `server.user`, `source.user`, `user.changes`, `user.effective`, `user.target`. +The `user` fields are expected to be nested at: + + +* `client.user` + +* `destination.user` + +* `host.user` + +* `server.user` + +* `source.user` + +* `user.changes` + +* `user.effective` + +* `user.target` + Note also that the `user` fields may be used directly at the root of the events. @@ -9219,7 +9313,17 @@ example: `outside` [discrete] ==== Field Reuse -The `vlan` fields are expected to be nested at: `network.inner.vlan`, `network.vlan`, `observer.egress.vlan`, `observer.ingress.vlan`. +The `vlan` fields are expected to be nested at: + + +* `network.inner.vlan` + +* `network.vlan` + +* `observer.egress.vlan` + +* `observer.ingress.vlan` + Note also that the `vlan` fields are not expected to be used directly at the root of the events. @@ -9915,7 +10019,15 @@ example: `3` [discrete] ==== Field Reuse -The `x509` fields are expected to be nested at: `file.x509`, `tls.client.x509`, `tls.server.x509`. +The `x509` fields are expected to be nested at: + + +* `file.x509` + +* `tls.client.x509` + +* `tls.server.x509` + Note also that the `x509` fields are not expected to be used directly at the root of the events. diff --git a/scripts/templates/field_details.j2 b/scripts/templates/field_details.j2 index 278d6c7e49..6a099f0a46 100644 --- a/scripts/templates/field_details.j2 +++ b/scripts/templates/field_details.j2 @@ -90,7 +90,11 @@ example: `{{ field['example'] }}` {% if 'reusable' in fieldset -%} -The `{{ fieldset['name'] }}` fields are expected to be nested at: `{{ sorted_reuse_fields|join("`, `") }}`. +The `{{ fieldset['name'] }}` fields are expected to be nested at: + +{% for entry in sorted_reuse_fields %} +* `{{ entry }}` +{% endfor %} {% if 'top_level' in fieldset['reusable'] and fieldset['reusable']['top_level'] -%}