From 32e8489ea4fa4b5faa977816c89051d33cc6c969 Mon Sep 17 00:00:00 2001 From: Mathieu Martin Date: Thu, 12 Nov 2020 14:03:21 -0500 Subject: [PATCH] Give guidance on OSes that don't fall in any of these categories --- code/go/ecs/os.go | 3 +++ docs/field-details.asciidoc | 2 ++ experimental/generated/beats/fields.ecs.yml | 20 ++++++++++++++++---- experimental/generated/ecs/ecs_flat.yml | 15 ++++++++++++--- experimental/generated/ecs/ecs_nested.yml | 20 ++++++++++++++++---- generated/beats/fields.ecs.yml | 20 ++++++++++++++++---- generated/ecs/ecs_flat.yml | 15 ++++++++++++--- generated/ecs/ecs_nested.yml | 20 ++++++++++++++++---- schemas/os.yml | 3 +++ 9 files changed, 96 insertions(+), 22 deletions(-) diff --git a/code/go/ecs/os.go b/code/go/ecs/os.go index eb3a321de3..be46e849df 100644 --- a/code/go/ecs/os.go +++ b/code/go/ecs/os.go @@ -24,6 +24,9 @@ type Os struct { // Categorize the operating system in one of the broad commercial families. // One of these following values should be used (lowercase): linux, macos, // unix, windows. + // If the OS is not part of any of these families, the field should not be + // populated. Please let us know by opening an issue with ECS, to have it + // added to the list. CommercialFamily string `ecs:"commercial_family"` // Operating system platform (such centos, ubuntu, windows). diff --git a/docs/field-details.asciidoc b/docs/field-details.asciidoc index 3f052177c5..8b879e684f 100644 --- a/docs/field-details.asciidoc +++ b/docs/field-details.asciidoc @@ -3858,6 +3858,8 @@ The OS fields contain information about the operating system. One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS is not part of any of these families, the field should not be populated. Please let us know by opening an issue with ECS, to have it added to the list. + type: keyword 
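Review bot: The added comment on `CommercialFamily` says the field "should not be populated", but it does not say that for a plain `string` field this means leaving the zero value `""`. Whether an empty string is then omitted or emitted as an empty keyword depends on the encoder, which is not visible in this hunk (only the `ecs:"commercial_family"` tag is). I would add one line such as `// Leave the value empty rather than inventing a placeholder such as "other".` so that producers do not introduce ad-hoc values that exact-match queries and detection rules on this field will not expect. The `Os` struct begins before and continues past this hunk; if this file is generated from schemas/os.yml, the wording belongs there instead.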
diff --git a/experimental/generated/beats/fields.ecs.yml b/experimental/generated/beats/fields.ecs.yml index 79e885c5aa..84d603ded7 100644 --- a/experimental/generated/beats/fields.ecs.yml +++ b/experimental/generated/beats/fields.ecs.yml @@ -2139,7 +2139,10 @@ families. One of these following values should be used (lowercase): linux, macos, unix, - windows.' + windows. + + If the OS is not part of any of these families, the field should not be populated. + Please let us know by opening an issue with ECS, to have it added to the list.' example: macos default_field: false - name: os.family @@ -2898,7 +2901,10 @@ families. One of these following values should be used (lowercase): linux, macos, unix, - windows.' + windows. + + If the OS is not part of any of these families, the field should not be populated. + Please let us know by opening an issue with ECS, to have it added to the list.' example: macos default_field: false - name: os.family @@ -3014,7 +3020,10 @@ families. One of these following values should be used (lowercase): linux, macos, unix, - windows.' + windows. + + If the OS is not part of any of these families, the field should not be populated. + Please let us know by opening an issue with ECS, to have it added to the list.' example: macos default_field: false - name: family @@ -5707,7 +5716,10 @@ families. One of these following values should be used (lowercase): linux, macos, unix, - windows.' + windows. + + If the OS is not part of any of these families, the field should not be populated. + Please let us know by opening an issue with ECS, to have it added to the list.' example: macos default_field: false - name: os.family diff --git a/experimental/generated/ecs/ecs_flat.yml b/experimental/generated/ecs/ecs_flat.yml index c1c674cc80..0ac446c782 100644 --- a/experimental/generated/ecs/ecs_flat.yml +++ b/experimental/generated/ecs/ecs_flat.yml 
@@ -3342,7 +3342,10 @@ host.os.commercial_family: description: 'Categorize the operating system in one of the broad commercial families. One of these following values should be used (lowercase): linux, macos, unix, - windows.' + windows. + + If the OS is not part of any of these families, the field should not be populated. + Please let us know by opening an issue with ECS, to have it added to the list.' example: macos flat_name: host.os.commercial_family ignore_above: 1024 @@ -4493,7 +4496,10 @@ observer.os.commercial_family: description: 'Categorize the operating system in one of the broad commercial families. One of these following values should be used (lowercase): linux, macos, unix, - windows.' + windows. + + If the OS is not part of any of these families, the field should not be populated. + Please let us know by opening an issue with ECS, to have it added to the list.' example: macos flat_name: observer.os.commercial_family ignore_above: 1024 @@ -8745,7 +8751,10 @@ user_agent.os.commercial_family: description: 'Categorize the operating system in one of the broad commercial families. One of these following values should be used (lowercase): linux, macos, unix, - windows.' + windows. + + If the OS is not part of any of these families, the field should not be populated. + Please let us know by opening an issue with ECS, to have it added to the list.' example: macos flat_name: user_agent.os.commercial_family ignore_above: 1024 diff --git a/experimental/generated/ecs/ecs_nested.yml b/experimental/generated/ecs/ecs_nested.yml index 0eae24f380..0c2b7be9a2 100644 --- a/experimental/generated/ecs/ecs_nested.yml +++ b/experimental/generated/ecs/ecs_nested.yml 
@@ -4006,7 +4006,10 @@ host: families. One of these following values should be used (lowercase): linux, macos, unix, - windows.' + windows. + + If the OS is not part of any of these families, the field should not be populated. + Please let us know by opening an issue with ECS, to have it added to the list.' example: macos flat_name: host.os.commercial_family ignore_above: 1024 @@ -5275,7 +5278,10 @@ observer: families. One of these following values should be used (lowercase): linux, macos, unix, - windows.' + windows. + + If the OS is not part of any of these families, the field should not be populated. + Please let us know by opening an issue with ECS, to have it added to the list.' example: macos flat_name: observer.os.commercial_family ignore_above: 1024 @@ -5499,7 +5505,10 @@ os: families. One of these following values should be used (lowercase): linux, macos, unix, - windows.' + windows. + + If the OS is not part of any of these families, the field should not be populated. + Please let us know by opening an issue with ECS, to have it added to the list.' example: macos flat_name: os.commercial_family ignore_above: 1024 @@ -10077,7 +10086,10 @@ user_agent: families. One of these following values should be used (lowercase): linux, macos, unix, - windows.' + windows. + + If the OS is not part of any of these families, the field should not be populated. + Please let us know by opening an issue with ECS, to have it added to the list.' example: macos flat_name: user_agent.os.commercial_family ignore_above: 1024 diff --git a/generated/beats/fields.ecs.yml b/generated/beats/fields.ecs.yml index 1fa983db8a..65d74bfe95 100644 --- a/generated/beats/fields.ecs.yml +++ b/generated/beats/fields.ecs.yml 
@@ -2182,7 +2182,10 @@ families. One of these following values should be used (lowercase): linux, macos, unix, - windows.' + windows. + + If the OS is not part of any of these families, the field should not be populated. + Please let us know by opening an issue with ECS, to have it added to the list.' example: macos default_field: false - name: os.family @@ -2952,7 +2955,10 @@ families. One of these following values should be used (lowercase): linux, macos, unix, - windows.' + windows. + + If the OS is not part of any of these families, the field should not be populated. + Please let us know by opening an issue with ECS, to have it added to the list.' example: macos default_field: false - name: os.family @@ -3071,7 +3077,10 @@ families. One of these following values should be used (lowercase): linux, macos, unix, - windows.' + windows. + + If the OS is not part of any of these families, the field should not be populated. + Please let us know by opening an issue with ECS, to have it added to the list.' example: macos default_field: false - name: family @@ -5587,7 +5596,10 @@ families. One of these following values should be used (lowercase): linux, macos, unix, - windows.' + windows. + + If the OS is not part of any of these families, the field should not be populated. + Please let us know by opening an issue with ECS, to have it added to the list.' example: macos default_field: false - name: os.family diff --git a/generated/ecs/ecs_flat.yml b/generated/ecs/ecs_flat.yml index 0d7ba60b42..e960a9b5a2 100644 --- a/generated/ecs/ecs_flat.yml +++ b/generated/ecs/ecs_flat.yml 
@@ -3390,7 +3390,10 @@ host.os.commercial_family: description: 'Categorize the operating system in one of the broad commercial families. One of these following values should be used (lowercase): linux, macos, unix, - windows.' + windows. + + If the OS is not part of any of these families, the field should not be populated. + Please let us know by opening an issue with ECS, to have it added to the list.' example: macos flat_name: host.os.commercial_family ignore_above: 1024 @@ -4552,7 +4555,10 @@ observer.os.commercial_family: description: 'Categorize the operating system in one of the broad commercial families. One of these following values should be used (lowercase): linux, macos, unix, - windows.' + windows. + + If the OS is not part of any of these families, the field should not be populated. + Please let us know by opening an issue with ECS, to have it added to the list.' example: macos flat_name: observer.os.commercial_family ignore_above: 1024 @@ -8468,7 +8474,10 @@ user_agent.os.commercial_family: description: 'Categorize the operating system in one of the broad commercial families. One of these following values should be used (lowercase): linux, macos, unix, - windows.' + windows. + + If the OS is not part of any of these families, the field should not be populated. + Please let us know by opening an issue with ECS, to have it added to the list.' example: macos flat_name: user_agent.os.commercial_family ignore_above: 1024 diff --git a/generated/ecs/ecs_nested.yml b/generated/ecs/ecs_nested.yml index cbcac03e01..286b1d5542 100644 --- a/generated/ecs/ecs_nested.yml +++ b/generated/ecs/ecs_nested.yml 
@@ -4056,7 +4056,10 @@ host: families. One of these following values should be used (lowercase): linux, macos, unix, - windows.' + windows. + + If the OS is not part of any of these families, the field should not be populated. + Please let us know by opening an issue with ECS, to have it added to the list.' example: macos flat_name: host.os.commercial_family ignore_above: 1024 @@ -5336,7 +5339,10 @@ observer: families. One of these following values should be used (lowercase): linux, macos, unix, - windows.' + windows. + + If the OS is not part of any of these families, the field should not be populated. + Please let us know by opening an issue with ECS, to have it added to the list.' example: macos flat_name: observer.os.commercial_family ignore_above: 1024 @@ -5563,7 +5569,10 @@ os: families. One of these following values should be used (lowercase): linux, macos, unix, - windows.' + windows. + + If the OS is not part of any of these families, the field should not be populated. + Please let us know by opening an issue with ECS, to have it added to the list.' example: macos flat_name: os.commercial_family ignore_above: 1024 @@ -9784,7 +9793,10 @@ user_agent: families. One of these following values should be used (lowercase): linux, macos, unix, - windows.' + windows. + + If the OS is not part of any of these families, the field should not be populated. + Please let us know by opening an issue with ECS, to have it added to the list.' example: macos flat_name: user_agent.os.commercial_family ignore_above: 1024 diff --git a/schemas/os.yml b/schemas/os.yml index 56b2269b7d..5a704cb10d 100644 --- a/schemas/os.yml +++ b/schemas/os.yml 
@@ -21,6 +21,9 @@ Categorize the operating system in one of the broad commercial families. One of these following values should be used (lowercase): linux, macos, unix, windows. + + If the OS is not part of any of these families, the field should not be populated. + Please let us know by opening an issue with ECS, to have it added to the list. example: macos - name: platform
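Review bot: The new paragraph tells producers to leave `commercial_family` unset for other OSes, but it gives consumers no guidance on a missing value. A query, dashboard or detection rule that filters on the four listed families will silently leave out hosts running anything else. One more sentence in this description would cover it, for example `Consumers should not assume this field is present; hosts on other OSes can still be identified through os.family and os.platform.` The same text is copied into the generated files in this patch, so it presumably only needs changing here. The field definition continues past the end of the hunk.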