[Docs] Further explain user.id vs. user.name on main page #1503
Labels
DOCS
Any issue related to ECS documentation
documentation
enhancement
New feature or request
ready
Issues we'd like to address in the future.
Summary
Users (aka human end users) of the ECS sometimes get confused between user.id and user.name.
Motivation:
Often in spoken American English the phrases "What is your user ID?" and "What is your user name?" are used interchangeably in conversation. Then when reviewing the documentation for the User Fields it is not as clear as it could be. The new User Fields Usage and Examples helps but the initial page could use additional details.
Detailed Design:
Current (v1.10) version
It brought confusion because albert is also the first name of Albert Einstein. Additionally there is no example of a user.id. The description of unique identifier could also mean a user.name as well because it uniquely identifies an individual within an organization too.
Clarification of the values and how they should be populated across data sources is important for large organizations who have multiple platforms (Windows, Linux, Public Cloud, Active Directory (AD), etc.) and are using the ECS for data standardization for security analytics (such as standardizing searches across platforms and user entity analytics).
An updated version of the documentation such as this may be helpful for them
user.name: I updated to a value that is not the first name but rather a derived value still related to the user's name.
user.id: based on Flesh out the user object #117 but that may not clarify the usage of user.id any further.