diff --git a/generated/beats/fields.ecs.yml b/generated/beats/fields.ecs.yml index 78806855e7..f9c679a534 100644 --- a/generated/beats/fields.ecs.yml +++ b/generated/beats/fields.ecs.yml @@ -6046,11 +6046,13 @@ level: core type: keyword ignore_above: 1024 - description: 'Raw text message of entire event. Used to demonstrate log integrity. + description: 'Raw text message of entire event. Used to demonstrate log integrity or + where the full log message (before splitting it up in multiple parts) may + be required, e.g. for reindex. This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. If users wish to override this and - index this field, consider using the wildcard data type.' + index this field, please see `Field data types` in the `Elasticsearch Reference`.' example: Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0|100| worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2spt=1232 index: false diff --git a/generated/ecs/ecs_flat.yml b/generated/ecs/ecs_flat.yml index 8d587d4d7c..a2cc2cb6b3 100644 --- a/generated/ecs/ecs_flat.yml +++ b/generated/ecs/ecs_flat.yml @@ -9031,11 +9031,13 @@ threat.enrichments.event.module: type: keyword threat.enrichments.event.original: dashed_name: threat-enrichments-event-original - description: 'Raw text message of entire event. Used to demonstrate log integrity. + description: 'Raw text message of entire event. Used to demonstrate log integrity or + where the full log message (before splitting it up in multiple parts) may be + required, e.g. for reindex. This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. If users wish to override this and index - this field, consider using the wildcard data type.' + this field, please see `Field data types` in the `Elasticsearch Reference`.' doc_values: false example: Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0|100| worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2spt=1232 diff --git a/generated/ecs/ecs_nested.yml b/generated/ecs/ecs_nested.yml index 0bed67c262..7966d6269f 100644 --- a/generated/ecs/ecs_nested.yml +++ b/generated/ecs/ecs_nested.yml @@ -10716,11 +10716,13 @@ threat: type: keyword threat.enrichments.event.original: dashed_name: threat-enrichments-event-original - description: 'Raw text message of entire event. Used to demonstrate log integrity. + description: 'Raw text message of entire event. Used to demonstrate log integrity or + where the full log message (before splitting it up in multiple parts) may + be required, e.g. for reindex. This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. If users wish to override this and - index this field, consider using the wildcard data type.' + index this field, please see `Field data types` in the `Elasticsearch Reference`.' doc_values: false example: Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0|100| worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2spt=1232