-
Notifications
You must be signed in to change notification settings - Fork 419
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Clarify host.name vs. host.hostname #498
Comments
related: elastic/kibana#40486 |
The hostname of a machine should always be put in
|
The descriptions for these fields kind of hint at this distinction, but it's probably not explicit enough. I'll make a note to clarify the relationship between these two fields. |
Ok. Could you elaborate on the use case? When is host.name applicable?
…On Mon, 8 Jul 2019 at 20.53, Mathieu Martin ***@***.***> wrote:
The descriptions for these fields kind of hint at this distinction, but
it's probably not explicit enough. I'll make a note to clarify the
relationship between these two fields.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#498?email_source=notifications&email_token=AAAAF2GA5GOHYGMDYWVZM33P6OEJJA5CNFSM4H62AF5KYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODZOARPA#issuecomment-509348028>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAAAF2D74Z24JGIF4BWNDL3P6OEJJANCNFSM4H62AF5A>
.
|
Standard use case should be: all events have both If someone's environment creates duplicate hostnames or if users want to override with the ID or name from their inventory asset management system, they need to modify This way, Accordingly, Elastic SIEM is using |
@roncohen Did the explanation above make sense? Can we close this issue? |
OK, seems like we'd need to set both, allow users to override |
Yes, precisely
…On Wed, Jul 17, 2019 at 07:14 Ron Cohen ***@***.***> wrote:
OK, seems like we'd need to set both and allow users to override host.name
?
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#498?email_source=notifications&email_token=AAAAR7AK5ZZEV4CIMGXQK3DP735KPA5CNFSM4H62AF5KYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD2D3PCI#issuecomment-512210825>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAAAR7CBGTTYEURQMBJWVCTP735KPANCNFSM4H62AF5A>
.
|
thanks! |
there's still confusion about this. What can we do to clarify? Ideas:
|
Could you open a new issue detailing what the confusion is? |
Comparing beats output in 7.6.2 release: This causes Kibana apps such as metric explorer to show two instances of the host. It's not clear which field should be used, and the beats do not seem to use host.name field consistently. |
@johncollaros ECS defines the schema, but doesn't take part in implementing it across all of our products. Please raise this issue with Beats. |
Following up from #62, it's unclear when to use
host.name
and when to usehost.hostname
. APM sendshost.hostname
while beats sendhost.name
. This is what ECS was designed to fix, so it looks like we need to clarify when to use what and potentially remove one of them.The text was updated successfully, but these errors were encountered: