# ecs.yml: field declarations for this data stream.
# An entry with `external: ecs` carries only a name; its type and description
# are taken from the Elastic Common Schema definition of that field.

# Container and schema version.
- external: ecs
  name: container.name
- external: ecs
  name: container.runtime
- external: ecs
  name: ecs.version

# Event metadata: what happened, when, and with what outcome.
- external: ecs
  name: event.action
- external: ecs
  name: event.category
- external: ecs
  name: event.created
- external: ecs
  name: event.duration
- external: ecs
  name: event.end
- external: ecs
  name: event.id
- external: ecs
  name: event.ingested
# event.original is the raw event text as received. It can carry credentials
# or personal data that the parsed fields leave out, so retention and access
# for indices that keep it deserve review.
- external: ecs
  name: event.original
- external: ecs
  name: event.outcome
- external: ecs
  name: event.provider
- external: ecs
  name: event.start
- external: ecs
  name: event.type

# Group, log source, message and organization.
- external: ecs
  name: group.domain
- external: ecs
  name: group.id
- external: ecs
  name: group.name
- external: ecs
  name: log.file.path
- external: ecs
  name: message
- external: ecs
  name: organization.id

# related.* are the ECS pivot arrays (every hash, host, IP and user seen in
# the event). Declaring them here does not populate them; searches that pivot
# on them depend on the ingest pipeline filling them in.
- external: ecs
  name: related.hash
- external: ecs
  name: related.hosts
- external: ecs
  name: related.ip
- external: ecs
  name: related.user

# Source endpoint.
# NOTE(review): source.as.* and source.geo.* are presumably filled by ASN and
# GeoIP enrichment of source.ip; confirm against the ingest pipeline.
- external: ecs
  name: source.address
- external: ecs
  name: source.as.number
- external: ecs
  name: source.as.organization.name
- external: ecs
  name: source.geo.city_name
- external: ecs
  name: source.geo.continent_name
- external: ecs
  name: source.geo.country_iso_code
- external: ecs
  name: source.geo.country_name
# The only field in this file declared inline instead of through
# `external: ecs`.
# NOTE(review): confirm the inline geo_point definition is intentional; an
# inline copy does not follow later changes to the ECS definition.
- name: source.geo.location
  level: core
  type: geo_point
  description: Longitude and latitude.
- external: ecs
  name: source.geo.region_iso_code
- external: ecs
  name: source.geo.region_name
- external: ecs
  name: source.ip
- external: ecs
  name: source.user.domain
- external: ecs
  name: source.user.email
- external: ecs
  name: source.user.id
- external: ecs
  name: source.user.name

- external: ecs
  name: tags

# Identity fields. In ECS, user.* describes the user performing the action and
# user.target.* the user (and group) the action is applied to. Keeping the two
# apart is what lets a query tell the actor from the affected account.
# The email and name fields hold personal data.
- external: ecs
  name: user.domain
- external: ecs
  name: user.email
- external: ecs
  name: user.id
- external: ecs
  name: user.name
- external: ecs
  name: user.target.domain
- external: ecs
  name: user.target.email
- external: ecs
  name: user.target.group.domain
- external: ecs
  name: user.target.group.id
- external: ecs
  name: user.target.group.name
- external: ecs
  name: user.target.id
- external: ecs
  name: user.target.name