From 3e9bb79be3a02360b321e7f303fc20a73d54fc2c Mon Sep 17 00:00:00 2001 From: Eric Beahan Date: Tue, 29 Sep 2020 10:37:38 -0500 Subject: [PATCH] undo changes to host field definitions --- code/go/ecs/host.go | 28 -------------- docs/field-details.asciidoc | 41 --------------------- generated/beats/fields.ecs.yml | 37 ------------------- generated/csv/fields.csv | 3 -- generated/ecs/ecs_flat.yml | 48 ------------------------ generated/ecs/ecs_nested.yml | 49 ------------------------- generated/elasticsearch/6/template.json | 12 ------ generated/elasticsearch/7/template.json | 12 ------ schemas/host.yml | 39 -------------------- 9 files changed, 269 deletions(-) diff --git a/code/go/ecs/host.go b/code/go/ecs/host.go index 5c3b3e22d8..1d66d78832 100644 --- a/code/go/ecs/host.go +++ b/code/go/ecs/host.go @@ -64,32 +64,4 @@ type Host struct { // or NetBIOS domain name. For Linux this could be the domain of the host's // LDAP provider. Domain string `ecs:"domain"` - - // The highest registered domain, stripped of the subdomain. For example, - // the registered domain for " www.east.mydomain.co.uk " is - // "mydomain.co.uk". This value can be determined precisely with a list - // like the public suffix list (http://publicsuffix.org). Trying to - // approximate this by simply taking the last two labels will not work well - // for TLDs such as "co.uk". - RegisteredDomain string `ecs:"registered_domain"` - - // The effective top level domain (eTLD), also known as the domain suffix, - // is the last part of the domain name and is typically inclusive of the - // top level domain (e.g. "co"), as well as including country code and - // region codes For example, the top level domain for - // www.east.mydomain.co.uk is "co.uk". This value can be determined - // precisely with a list like the public suffix list - // (http://publicsuffix.org). - TopLevelDomain string `ecs:"top_level_domain"` - - // The subdomain portion of a fully qualified domain name includes all of - // the names except the host name under the registered_domain. In a - // partially qualified domain, or if the the qualification level of the - // full name cannot be determined, subdomain contains all of the names - // below the registered domain. - // For example the subdomain portion of "www.east.mydomain.co.uk" is - // "east". If the domain has multiple levels of subdomain, such as - // "sub2.sub1.example.com", the subdomain field should contain "sub2.sub1", - // with no trailing period. - Subdomain string `ecs:"subdomain"` } diff --git a/docs/field-details.asciidoc b/docs/field-details.asciidoc index f273e416a5..f626612438 100644 --- a/docs/field-details.asciidoc +++ b/docs/field-details.asciidoc @@ -2724,47 +2724,6 @@ type: keyword // =============================================================== -| host.registered_domain -| The highest registered domain, stripped of the subdomain. For example, the registered domain for " www.east.mydomain.co.uk " is "mydomain.co.uk". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". - -type: keyword - - - -example: `mydomain.co.uk` - -| extended - -// =============================================================== - -| host.subdomain -| The subdomain portion of a fully qualified domain name includes all of the names except the host name under the registered_domain. In a partially qualified domain, or if the the qualification level of the full name cannot be determined, subdomain contains all of the names below the registered domain. - -For example the subdomain portion of "www.east.mydomain.co.uk" is "east". If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", the subdomain field should contain "sub2.sub1", with no trailing period. - -type: keyword - - - -example: `east` - -| extended - -// =============================================================== - -| host.top_level_domain -| The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name and is typically inclusive of the top level domain (e.g. "co"), as well as including country code and region codes For example, the top level domain for www.east.mydomain.co.uk is "co.uk". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). - -type: keyword - - - -example: `co.uk` - -| extended - -// =============================================================== - | host.type | Type of host. diff --git a/generated/beats/fields.ecs.yml b/generated/beats/fields.ecs.yml index 2e575117ae..91f5254f1c 100644 --- a/generated/beats/fields.ecs.yml +++ b/generated/beats/fields.ecs.yml @@ -2217,43 +2217,6 @@ ignore_above: 1024 description: Operating system version as a raw string. example: 10.14.1 - - name: registered_domain - level: extended - type: keyword - ignore_above: 1024 - description: The highest registered domain, stripped of the subdomain. For example, - the registered domain for " www.east.mydomain.co.uk " is "mydomain.co.uk". - This value can be determined precisely with a list like the public suffix - list (http://publicsuffix.org). Trying to approximate this by simply taking - the last two labels will not work well for TLDs such as "co.uk". - example: mydomain.co.uk - default_field: false - - name: subdomain - level: extended - type: keyword - ignore_above: 1024 - description: 'The subdomain portion of a fully qualified domain name includes - all of the names except the host name under the registered_domain. In a partially - qualified domain, or if the the qualification level of the full name cannot - be determined, subdomain contains all of the names below the registered domain. - - For example the subdomain portion of "www.east.mydomain.co.uk" is "east". - If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", - the subdomain field should contain "sub2.sub1", with no trailing period.' - example: east - default_field: false - - name: top_level_domain - level: extended - type: keyword - ignore_above: 1024 - description: The effective top level domain (eTLD), also known as the domain - suffix, is the last part of the domain name and is typically inclusive of - the top level domain (e.g. "co"), as well as including country code and region - codes For example, the top level domain for www.east.mydomain.co.uk is "co.uk". - This value can be determined precisely with a list like the public suffix - list (http://publicsuffix.org). - example: co.uk - default_field: false - name: type level: core type: keyword diff --git a/generated/csv/fields.csv b/generated/csv/fields.csv index f17d9c6ad5..2e023a3236 100644 --- a/generated/csv/fields.csv +++ b/generated/csv/fields.csv @@ -252,9 +252,6 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 2.0.0-dev,true,host,host.os.name.text,text,extended,,Mac OS X,"Operating system name, without the version." 2.0.0-dev,true,host,host.os.platform,keyword,extended,,darwin,"Operating system platform (such centos, ubuntu, windows)." 2.0.0-dev,true,host,host.os.version,keyword,extended,,10.14.1,Operating system version as a raw string. -2.0.0-dev,true,host,host.registered_domain,keyword,extended,,mydomain.co.uk,"The highest registered domain, stripped of the subdomain." -2.0.0-dev,true,host,host.subdomain,keyword,extended,,east,The subdomain of the domain. -2.0.0-dev,true,host,host.top_level_domain,keyword,extended,,co.uk,"The effective top level domain (com, org, net, co.uk)." 2.0.0-dev,true,host,host.type,keyword,core,,,Type of host. 2.0.0-dev,true,host,host.uptime,long,extended,,1325,Seconds the host has been up. 2.0.0-dev,true,host,host.user.domain,keyword,extended,,,Name of the directory the user is a member of. diff --git a/generated/ecs/ecs_flat.yml b/generated/ecs/ecs_flat.yml index b57517a8f1..a209023534 100644 --- a/generated/ecs/ecs_flat.yml +++ b/generated/ecs/ecs_flat.yml @@ -3445,54 +3445,6 @@ host.os.version: original_fieldset: os short: Operating system version as a raw string. type: keyword -host.registered_domain: - dashed_name: host-registered-domain - description: The highest registered domain, stripped of the subdomain. For example, - the registered domain for " www.east.mydomain.co.uk " is "mydomain.co.uk". This - value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). - Trying to approximate this by simply taking the last two labels will not work - well for TLDs such as "co.uk". - example: mydomain.co.uk - flat_name: host.registered_domain - ignore_above: 1024 - level: extended - name: registered_domain - normalize: [] - short: The highest registered domain, stripped of the subdomain. - type: keyword -host.subdomain: - dashed_name: host-subdomain - description: 'The subdomain portion of a fully qualified domain name includes all - of the names except the host name under the registered_domain. In a partially - qualified domain, or if the the qualification level of the full name cannot be - determined, subdomain contains all of the names below the registered domain. - - For example the subdomain portion of "www.east.mydomain.co.uk" is "east". If the - domain has multiple levels of subdomain, such as "sub2.sub1.example.com", the - subdomain field should contain "sub2.sub1", with no trailing period.' - example: east - flat_name: host.subdomain - ignore_above: 1024 - level: extended - name: subdomain - normalize: [] - short: The subdomain of the domain. - type: keyword -host.top_level_domain: - dashed_name: host-top-level-domain - description: The effective top level domain (eTLD), also known as the domain suffix, - is the last part of the domain name and is typically inclusive of the top level - domain (e.g. "co"), as well as including country code and region codes For example, - the top level domain for www.east.mydomain.co.uk is "co.uk". This value can be - determined precisely with a list like the public suffix list (http://publicsuffix.org). - example: co.uk - flat_name: host.top_level_domain - ignore_above: 1024 - level: extended - name: top_level_domain - normalize: [] - short: The effective top level domain (com, org, net, co.uk). - type: keyword host.type: dashed_name: host-type description: 'Type of host. diff --git a/generated/ecs/ecs_nested.yml b/generated/ecs/ecs_nested.yml index 42156aee39..2189a64503 100644 --- a/generated/ecs/ecs_nested.yml +++ b/generated/ecs/ecs_nested.yml @@ -4110,55 +4110,6 @@ host: original_fieldset: os short: Operating system version as a raw string. type: keyword - host.registered_domain: - dashed_name: host-registered-domain - description: The highest registered domain, stripped of the subdomain. For example, - the registered domain for " www.east.mydomain.co.uk " is "mydomain.co.uk". - This value can be determined precisely with a list like the public suffix - list (http://publicsuffix.org). Trying to approximate this by simply taking - the last two labels will not work well for TLDs such as "co.uk". - example: mydomain.co.uk - flat_name: host.registered_domain - ignore_above: 1024 - level: extended - name: registered_domain - normalize: [] - short: The highest registered domain, stripped of the subdomain. - type: keyword - host.subdomain: - dashed_name: host-subdomain - description: 'The subdomain portion of a fully qualified domain name includes - all of the names except the host name under the registered_domain. In a partially - qualified domain, or if the the qualification level of the full name cannot - be determined, subdomain contains all of the names below the registered domain. - - For example the subdomain portion of "www.east.mydomain.co.uk" is "east". - If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", - the subdomain field should contain "sub2.sub1", with no trailing period.' - example: east - flat_name: host.subdomain - ignore_above: 1024 - level: extended - name: subdomain - normalize: [] - short: The subdomain of the domain. - type: keyword - host.top_level_domain: - dashed_name: host-top-level-domain - description: The effective top level domain (eTLD), also known as the domain - suffix, is the last part of the domain name and is typically inclusive of - the top level domain (e.g. "co"), as well as including country code and region - codes For example, the top level domain for www.east.mydomain.co.uk is "co.uk". - This value can be determined precisely with a list like the public suffix - list (http://publicsuffix.org). - example: co.uk - flat_name: host.top_level_domain - ignore_above: 1024 - level: extended - name: top_level_domain - normalize: [] - short: The effective top level domain (com, org, net, co.uk). - type: keyword host.type: dashed_name: host-type description: 'Type of host. diff --git a/generated/elasticsearch/6/template.json b/generated/elasticsearch/6/template.json index ffb071c7ab..c597a6d2cb 100644 --- a/generated/elasticsearch/6/template.json +++ b/generated/elasticsearch/6/template.json @@ -1173,18 +1173,6 @@ } } }, - "registered_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "subdomain": { - "ignore_above": 1024, - "type": "keyword" - }, - "top_level_domain": { - "ignore_above": 1024, - "type": "keyword" - }, "type": { "ignore_above": 1024, "type": "keyword" diff --git a/generated/elasticsearch/7/template.json b/generated/elasticsearch/7/template.json index 32eec31cb9..63c8c381c8 100644 --- a/generated/elasticsearch/7/template.json +++ b/generated/elasticsearch/7/template.json @@ -1172,18 +1172,6 @@ } } }, - "registered_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "subdomain": { - "ignore_above": 1024, - "type": "keyword" - }, - "top_level_domain": { - "ignore_above": 1024, - "type": "keyword" - }, "type": { "ignore_above": 1024, "type": "keyword" diff --git a/schemas/host.yml b/schemas/host.yml index 413838b246..2fdbd9e4f7 100644 --- a/schemas/host.yml +++ b/schemas/host.yml @@ -96,42 +96,3 @@ For Linux this could be the domain of the host's LDAP provider. example: CONTOSO - - name: registered_domain - level: extended - type: keyword - short: The highest registered domain, stripped of the subdomain. - description: > - The highest registered domain, stripped of the subdomain. - For example, the registered domain for " www.east.mydomain.co.uk " is "mydomain.co.uk". - This value can be determined precisely with a list like the public - suffix list (http://publicsuffix.org). Trying to approximate this by - simply taking the last two labels will not work well for TLDs such as "co.uk". - example: mydomain.co.uk - - - name: top_level_domain - level: extended - type: keyword - short: The effective top level domain (com, org, net, co.uk). - description: > - The effective top level domain (eTLD), also known as the domain suffix, - is the last part of the domain name and is typically inclusive of the - top level domain (e.g. "co"), as well as including country code and region codes - For example, the top level domain for www.east.mydomain.co.uk is "co.uk". - This value can be determined precisely with a list like the public - suffix list (http://publicsuffix.org). - example: co.uk - - - name: subdomain - level: extended - type: keyword - short: The subdomain of the domain. - description: > - The subdomain portion of a fully qualified domain name includes all of the names except - the host name under the registered_domain. In a partially qualified domain, or if the - the qualification level of the full name cannot be determined, subdomain contains all of - the names below the registered domain. - - For example the subdomain portion of "www.east.mydomain.co.uk" is "east". - If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", - the subdomain field should contain "sub2.sub1", with no trailing period. - example: east