Skip to content

Commit

Permalink
Give guidance on OSes that don't fall in any of these categories
Browse files Browse the repository at this point in the history
  • Loading branch information
Mathieu Martin committed Nov 12, 2020
1 parent 3db68d7 commit 32e8489
Show file tree
Hide file tree
Showing 9 changed files with 96 additions and 22 deletions.
3 changes: 3 additions & 0 deletions code/go/ecs/os.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 2 additions & 0 deletions docs/field-details.asciidoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3858,6 +3858,8 @@ The OS fields contain information about the operating system.

One of these following values should be used (lowercase): linux, macos, unix, windows.

If the OS is not part of any of these families, the field should not be populated. Please let us know by opening an issue with ECS, to have it added to the list.

type: keyword


Expand Down
20 changes: 16 additions & 4 deletions experimental/generated/beats/fields.ecs.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2139,7 +2139,10 @@
families.
One of these following values should be used (lowercase): linux, macos, unix,
windows.'
windows.
If the OS is not part of any of these families, the field should not be populated.
Please let us know by opening an issue with ECS, to have it added to the list.'
example: macos
default_field: false
- name: os.family
Expand Down Expand Up @@ -2898,7 +2901,10 @@
families.
One of these following values should be used (lowercase): linux, macos, unix,
windows.'
windows.
If the OS is not part of any of these families, the field should not be populated.
Please let us know by opening an issue with ECS, to have it added to the list.'
example: macos
default_field: false
- name: os.family
Expand Down Expand Up @@ -3014,7 +3020,10 @@
families.
One of these following values should be used (lowercase): linux, macos, unix,
windows.'
windows.
If the OS is not part of any of these families, the field should not be populated.
Please let us know by opening an issue with ECS, to have it added to the list.'
example: macos
default_field: false
- name: family
Expand Down Expand Up @@ -5707,7 +5716,10 @@
families.
One of these following values should be used (lowercase): linux, macos, unix,
windows.'
windows.
If the OS is not part of any of these families, the field should not be populated.
Please let us know by opening an issue with ECS, to have it added to the list.'
example: macos
default_field: false
- name: os.family
Expand Down
15 changes: 12 additions & 3 deletions experimental/generated/ecs/ecs_flat.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3342,7 +3342,10 @@ host.os.commercial_family:
description: 'Categorize the operating system in one of the broad commercial families.
One of these following values should be used (lowercase): linux, macos, unix,
windows.'
windows.
If the OS is not part of any of these families, the field should not be populated.
Please let us know by opening an issue with ECS, to have it added to the list.'
example: macos
flat_name: host.os.commercial_family
ignore_above: 1024
Expand Down Expand Up @@ -4493,7 +4496,10 @@ observer.os.commercial_family:
description: 'Categorize the operating system in one of the broad commercial families.
One of these following values should be used (lowercase): linux, macos, unix,
windows.'
windows.
If the OS is not part of any of these families, the field should not be populated.
Please let us know by opening an issue with ECS, to have it added to the list.'
example: macos
flat_name: observer.os.commercial_family
ignore_above: 1024
Expand Down Expand Up @@ -8745,7 +8751,10 @@ user_agent.os.commercial_family:
description: 'Categorize the operating system in one of the broad commercial families.
One of these following values should be used (lowercase): linux, macos, unix,
windows.'
windows.
If the OS is not part of any of these families, the field should not be populated.
Please let us know by opening an issue with ECS, to have it added to the list.'
example: macos
flat_name: user_agent.os.commercial_family
ignore_above: 1024
Expand Down
20 changes: 16 additions & 4 deletions experimental/generated/ecs/ecs_nested.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4006,7 +4006,10 @@ host:
families.
One of these following values should be used (lowercase): linux, macos, unix,
windows.'
windows.
If the OS is not part of any of these families, the field should not be populated.
Please let us know by opening an issue with ECS, to have it added to the list.'
example: macos
flat_name: host.os.commercial_family
ignore_above: 1024
Expand Down Expand Up @@ -5275,7 +5278,10 @@ observer:
families.
One of these following values should be used (lowercase): linux, macos, unix,
windows.'
windows.
If the OS is not part of any of these families, the field should not be populated.
Please let us know by opening an issue with ECS, to have it added to the list.'
example: macos
flat_name: observer.os.commercial_family
ignore_above: 1024
Expand Down Expand Up @@ -5499,7 +5505,10 @@ os:
families.
One of these following values should be used (lowercase): linux, macos, unix,
windows.'
windows.
If the OS is not part of any of these families, the field should not be populated.
Please let us know by opening an issue with ECS, to have it added to the list.'
example: macos
flat_name: os.commercial_family
ignore_above: 1024
Expand Down Expand Up @@ -10077,7 +10086,10 @@ user_agent:
families.
One of these following values should be used (lowercase): linux, macos, unix,
windows.'
windows.
If the OS is not part of any of these families, the field should not be populated.
Please let us know by opening an issue with ECS, to have it added to the list.'
example: macos
flat_name: user_agent.os.commercial_family
ignore_above: 1024
Expand Down
20 changes: 16 additions & 4 deletions generated/beats/fields.ecs.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2182,7 +2182,10 @@
families.
One of these following values should be used (lowercase): linux, macos, unix,
windows.'
windows.
If the OS is not part of any of these families, the field should not be populated.
Please let us know by opening an issue with ECS, to have it added to the list.'
example: macos
default_field: false
- name: os.family
Expand Down Expand Up @@ -2952,7 +2955,10 @@
families.
One of these following values should be used (lowercase): linux, macos, unix,
windows.'
windows.
If the OS is not part of any of these families, the field should not be populated.
Please let us know by opening an issue with ECS, to have it added to the list.'
example: macos
default_field: false
- name: os.family
Expand Down Expand Up @@ -3071,7 +3077,10 @@
families.
One of these following values should be used (lowercase): linux, macos, unix,
windows.'
windows.
If the OS is not part of any of these families, the field should not be populated.
Please let us know by opening an issue with ECS, to have it added to the list.'
example: macos
default_field: false
- name: family
Expand Down Expand Up @@ -5587,7 +5596,10 @@
families.
One of these following values should be used (lowercase): linux, macos, unix,
windows.'
windows.
If the OS is not part of any of these families, the field should not be populated.
Please let us know by opening an issue with ECS, to have it added to the list.'
example: macos
default_field: false
- name: os.family
Expand Down
15 changes: 12 additions & 3 deletions generated/ecs/ecs_flat.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3390,7 +3390,10 @@ host.os.commercial_family:
description: 'Categorize the operating system in one of the broad commercial families.
One of these following values should be used (lowercase): linux, macos, unix,
windows.'
windows.
If the OS is not part of any of these families, the field should not be populated.
Please let us know by opening an issue with ECS, to have it added to the list.'
example: macos
flat_name: host.os.commercial_family
ignore_above: 1024
Expand Down Expand Up @@ -4552,7 +4555,10 @@ observer.os.commercial_family:
description: 'Categorize the operating system in one of the broad commercial families.
One of these following values should be used (lowercase): linux, macos, unix,
windows.'
windows.
If the OS is not part of any of these families, the field should not be populated.
Please let us know by opening an issue with ECS, to have it added to the list.'
example: macos
flat_name: observer.os.commercial_family
ignore_above: 1024
Expand Down Expand Up @@ -8468,7 +8474,10 @@ user_agent.os.commercial_family:
description: 'Categorize the operating system in one of the broad commercial families.
One of these following values should be used (lowercase): linux, macos, unix,
windows.'
windows.
If the OS is not part of any of these families, the field should not be populated.
Please let us know by opening an issue with ECS, to have it added to the list.'
example: macos
flat_name: user_agent.os.commercial_family
ignore_above: 1024
Expand Down
20 changes: 16 additions & 4 deletions generated/ecs/ecs_nested.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4056,7 +4056,10 @@ host:
families.
One of these following values should be used (lowercase): linux, macos, unix,
windows.'
windows.
If the OS is not part of any of these families, the field should not be populated.
Please let us know by opening an issue with ECS, to have it added to the list.'
example: macos
flat_name: host.os.commercial_family
ignore_above: 1024
Expand Down Expand Up @@ -5336,7 +5339,10 @@ observer:
families.
One of these following values should be used (lowercase): linux, macos, unix,
windows.'
windows.
If the OS is not part of any of these families, the field should not be populated.
Please let us know by opening an issue with ECS, to have it added to the list.'
example: macos
flat_name: observer.os.commercial_family
ignore_above: 1024
Expand Down Expand Up @@ -5563,7 +5569,10 @@ os:
families.
One of these following values should be used (lowercase): linux, macos, unix,
windows.'
windows.
If the OS is not part of any of these families, the field should not be populated.
Please let us know by opening an issue with ECS, to have it added to the list.'
example: macos
flat_name: os.commercial_family
ignore_above: 1024
Expand Down Expand Up @@ -9784,7 +9793,10 @@ user_agent:
families.
One of these following values should be used (lowercase): linux, macos, unix,
windows.'
windows.
If the OS is not part of any of these families, the field should not be populated.
Please let us know by opening an issue with ECS, to have it added to the list.'
example: macos
flat_name: user_agent.os.commercial_family
ignore_above: 1024
Expand Down
3 changes: 3 additions & 0 deletions schemas/os.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,9 @@
Categorize the operating system in one of the broad commercial families.
One of these following values should be used (lowercase): linux, macos, unix, windows.
If the OS is not part of any of these families, the field should not be populated.
Please let us know by opening an issue with ECS, to have it added to the list.
example: macos

- name: platform
Expand Down

0 comments on commit 32e8489

Please sign in to comment.