Handle nestings better and refactor asciidoc generation

CHANGELOG.next.md

@@ -36,6 +36,8 @@ Thanks, you're awesome :-) -->
 
 #### Improvements
 
+* Add full path names to reused fieldsets in `nestings` array in ecs_nested.yml. #803
+
 #### Deprecated
 
 

generated/ecs/ecs_flat.yml

@@ -102,7 +102,6 @@ as.number:
   name: number
   normalize: []
   order: 0
-  original_fieldset: as
   short: Unique number allocated to the autonomous system. The autonomous system number
     (ASN) uniquely identifies each network on the Internet.
   type: long
@@ -121,7 +120,6 @@ as.organization.name:
   name: organization.name
   normalize: []
   order: 1
-  original_fieldset: as
   short: Organization name.
   type: keyword
 client.address:
@@ -636,7 +634,6 @@ code_signature.exists:
   name: exists
   normalize: []
   order: 0
-  original_fieldset: code_signature
   short: Boolean to capture if a signature is present.
   type: boolean
 code_signature.status:
@@ -653,7 +650,6 @@ code_signature.status:
   name: status
   normalize: []
   order: 4
-  original_fieldset: code_signature
   short: Additional information about the certificate status.
   type: keyword
 code_signature.subject_name:
@@ -666,7 +662,6 @@ code_signature.subject_name:
   name: subject_name
   normalize: []
   order: 1
-  original_fieldset: code_signature
   short: Subject name of the code signer
   type: keyword
 code_signature.trusted:
@@ -681,7 +676,6 @@ code_signature.trusted:
   name: trusted
   normalize: []
   order: 3
-  original_fieldset: code_signature
   short: Stores the trust status of the certificate chain.
   type: boolean
 code_signature.valid:
@@ -696,7 +690,6 @@ code_signature.valid:
   name: valid
   normalize: []
   order: 2
-  original_fieldset: code_signature
   short: Boolean to capture if the digital signature is verified against the binary
     content.
   type: boolean
@@ -3021,7 +3014,6 @@ geo.city_name:
   name: city_name
   normalize: []
   order: 4
-  original_fieldset: geo
   short: City name.
   type: keyword
 geo.continent_name:
@@ -3034,7 +3026,6 @@ geo.continent_name:
   name: continent_name
   normalize: []
   order: 1
-  original_fieldset: geo
   short: Name of the continent.
   type: keyword
 geo.country_iso_code:
@@ -3047,7 +3038,6 @@ geo.country_iso_code:
   name: country_iso_code
   normalize: []
   order: 5
-  original_fieldset: geo
   short: Country ISO code.
   type: keyword
 geo.country_name:
@@ -3060,7 +3050,6 @@ geo.country_name:
   name: country_name
   normalize: []
   order: 2
-  original_fieldset: geo
   short: Country name.
   type: keyword
 geo.location:
@@ -3072,7 +3061,6 @@ geo.location:
   name: location
   normalize: []
   order: 0
-  original_fieldset: geo
   short: Longitude and latitude.
   type: geo_point
 geo.name:
@@ -3091,7 +3079,6 @@ geo.name:
   name: name
   normalize: []
   order: 7
-  original_fieldset: geo
   short: User-defined description of a location.
   type: keyword
 geo.region_iso_code:
@@ -3104,7 +3091,6 @@ geo.region_iso_code:
   name: region_iso_code
   normalize: []
   order: 6
-  original_fieldset: geo
   short: Region ISO code.
   type: keyword
 geo.region_name:
@@ -3117,7 +3103,6 @@ geo.region_name:
   name: region_name
   normalize: []
   order: 3
-  original_fieldset: geo
   short: Region name.
   type: keyword
 group.domain:
@@ -3131,7 +3116,6 @@ group.domain:
   name: domain
   normalize: []
   order: 2
-  original_fieldset: group
   short: Name of the directory the group is a member of.
   type: keyword
 group.id:
@@ -3143,7 +3127,6 @@ group.id:
   name: id
   normalize: []
   order: 0
-  original_fieldset: group
   short: Unique identifier for the group on the system/platform.
   type: keyword
 group.name:
@@ -3155,7 +3138,6 @@ group.name:
   name: name
   normalize: []
   order: 1
-  original_fieldset: group
   short: Name of the group.
   type: keyword
 hash.md5:
@@ -3167,7 +3149,6 @@ hash.md5:
   name: md5
   normalize: []
   order: 0
-  original_fieldset: hash
   short: MD5 hash.
   type: keyword
 hash.sha1:
@@ -3179,7 +3160,6 @@ hash.sha1:
   name: sha1
   normalize: []
   order: 1
-  original_fieldset: hash
   short: SHA1 hash.
   type: keyword
 hash.sha256:
@@ -3191,7 +3171,6 @@ hash.sha256:
   name: sha256
   normalize: []
   order: 2
-  original_fieldset: hash
   short: SHA256 hash.
   type: keyword
 hash.sha512:
@@ -3203,7 +3182,6 @@ hash.sha512:
   name: sha512
   normalize: []
   order: 3
-  original_fieldset: hash
   short: SHA512 hash.
   type: keyword
 host.architecture:
@@ -3792,7 +3770,6 @@ interface.alias:
   name: alias
   normalize: []
   order: 2
-  original_fieldset: interface
   short: Interface alias
   type: keyword
 interface.id:
@@ -3805,7 +3782,6 @@ interface.id:
   name: id
   normalize: []
   order: 0
-  original_fieldset: interface
   short: Interface ID
   type: keyword
 interface.name:
@@ -3818,7 +3794,6 @@ interface.name:
   name: name
   normalize: []
   order: 1
-  original_fieldset: interface
   short: Interface name
   type: keyword
 labels:
@@ -4797,7 +4772,6 @@ os.family:
   name: family
   normalize: []
   order: 3
-  original_fieldset: os
   short: OS family (such as redhat, debian, freebsd, windows).
   type: keyword
 os.full:
@@ -4815,7 +4789,6 @@ os.full:
   name: full
   normalize: []
   order: 2
-  original_fieldset: os
   short: Operating system name, including the version or code name.
   type: keyword
 os.kernel:
@@ -4828,7 +4801,6 @@ os.kernel:
   name: kernel
   normalize: []
   order: 5
-  original_fieldset: os
   short: Operating system kernel version as a raw string.
   type: keyword
 os.name:
@@ -4846,7 +4818,6 @@ os.name:
   name: name
   normalize: []
   order: 1
-  original_fieldset: os
   short: Operating system name, without the version.
   type: keyword
 os.platform:
@@ -4859,7 +4830,6 @@ os.platform:
   name: platform
   normalize: []
   order: 0
-  original_fieldset: os
   short: Operating system platform (such centos, ubuntu, windows).
   type: keyword
 os.version:
@@ -4872,7 +4842,6 @@ os.version:
   name: version
   normalize: []
   order: 4
-  original_fieldset: os
   short: Operating system version as a raw string.
   type: keyword
 package.architecture:
@@ -5047,7 +5016,6 @@ pe.company:
   name: company
   normalize: []
   order: 4
-  original_fieldset: pe
   short: Internal company name of the file, provided at compile-time.
   type: keyword
 pe.description:
@@ -5060,7 +5028,6 @@ pe.description:
   name: description
   normalize: []
   order: 2
-  original_fieldset: pe
   short: Internal description of the file, provided at compile-time.
   type: keyword
 pe.file_version:
@@ -5073,7 +5040,6 @@ pe.file_version:
   name: file_version
   normalize: []
   order: 1
-  original_fieldset: pe
   short: Process name.
   type: keyword
 pe.original_file_name:
@@ -5086,7 +5052,6 @@ pe.original_file_name:
   name: original_file_name
   normalize: []
   order: 0
-  original_fieldset: pe
   short: Internal name of the file, provided at compile-time.
   type: keyword
 pe.product:
@@ -5099,7 +5064,6 @@ pe.product:
   name: product
   normalize: []
   order: 3
-  original_fieldset: pe
   short: Internal product name of the file, provided at compile-time.
   type: keyword
 process.args:
@@ -7963,7 +7927,6 @@ user.domain:
   name: domain
   normalize: []
   order: 5
-  original_fieldset: user
   short: Name of the directory the user is a member of.
   type: keyword
 user.email:
@@ -7975,7 +7938,6 @@ user.email:
   name: email
   normalize: []
   order: 3
-  original_fieldset: user
   short: User email address.
   type: keyword
 user.full_name:
@@ -7993,7 +7955,6 @@ user.full_name:
   name: full_name
   normalize: []
   order: 2
-  original_fieldset: user
   short: User's full name, if available.
   type: keyword
 user.group.domain:
@@ -8047,7 +8008,6 @@ user.hash:
   name: hash
   normalize: []
   order: 4
-  original_fieldset: user
   short: Unique user hash to correlate information for a user in anonymized form.
   type: keyword
 user.id:
@@ -8059,7 +8019,6 @@ user.id:
   name: id
   normalize: []
   order: 0
-  original_fieldset: user
   short: Unique identifiers of the user.
   type: keyword
 user.name:
@@ -8077,7 +8036,6 @@ user.name:
   name: name
   normalize: []
   order: 1
-  original_fieldset: user
   short: Short name or login of the user.
   type: keyword
 user_agent.device.name:
@@ -8232,7 +8190,6 @@ vlan.id:
   name: id
   normalize: []
   order: 0
-  original_fieldset: vlan
   short: VLAN ID as reported by the observer.
   type: keyword
 vlan.name:
@@ -8245,7 +8202,6 @@ vlan.name:
   name: name
   normalize: []
   order: 1
-  original_fieldset: vlan
   short: Optional VLAN name as reported by the observer.
   type: keyword
 vulnerability.category: