Add domain field to Group Schema (#547)

Author: janniten

CHANGELOG.next.md

@@ -10,6 +10,8 @@ Thanks, you're awesome :-) -->
 ### Bugfixes
 
 ### Added
+
+* Add group.domain field #547 
 * Added `error.stack_trace` field. #562
 * Added `log.origin.file.name`, `log.origin.function` and `log.origin.file.line` fields. #563
 * Added `service.node.name` to allow distinction between different nodes of the same service running on the same host. #565

code/go/ecs/group.go

@@ -1703,6 +1703,19 @@ The group fields are meant to represent groups that are relevant to the event.
 
 // ===============================================================
 
+| group.domain
+| Name of the directory the group is a member of.
+
+For example, an LDAP or Active Directory domain name.
+
+type: keyword
+
+
+
+| extended
+
+// ===============================================================
+
 | group.id
 | Unique identifier for the group on the system/platform.
 

docs/field-details.asciidoc

@@ -303,6 +303,13 @@
       ignore_above: 1024
       description: User's full name, if available.
       example: Albert Einstein
+    - name: user.group.domain
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      description: 'Name of the directory the group is a member of.
+
+        For example, an LDAP or Active Directory domain name.'
     - name: user.group.id
       level: extended
       type: keyword
@@ -589,6 +596,13 @@
       ignore_above: 1024
       description: User's full name, if available.
       example: Albert Einstein
+    - name: user.group.domain
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      description: 'Name of the directory the group is a member of.
+
+        For example, an LDAP or Active Directory domain name.'
     - name: user.group.id
       level: extended
       type: keyword
@@ -1241,6 +1255,13 @@
       to the event.
     type: group
     fields:
+    - name: domain
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      description: 'Name of the directory the group is a member of.
+
+        For example, an LDAP or Active Directory domain name.'
     - name: id
       level: extended
       type: keyword
@@ -1452,6 +1473,13 @@
       ignore_above: 1024
       description: User's full name, if available.
       example: Albert Einstein
+    - name: user.group.domain
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      description: 'Name of the directory the group is a member of.
+
+        For example, an LDAP or Active Directory domain name.'
     - name: user.group.id
       level: extended
       type: keyword
@@ -2223,6 +2251,13 @@
       ignore_above: 1024
       description: User's full name, if available.
       example: Albert Einstein
+    - name: user.group.domain
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      description: 'Name of the directory the group is a member of.
+
+        For example, an LDAP or Active Directory domain name.'
     - name: user.group.id
       level: extended
       type: keyword
@@ -2500,6 +2535,13 @@
       ignore_above: 1024
       description: User's full name, if available.
       example: Albert Einstein
+    - name: user.group.domain
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      description: 'Name of the directory the group is a member of.
+
+        For example, an LDAP or Active Directory domain name.'
     - name: user.group.id
       level: extended
       type: keyword
@@ -2679,6 +2721,13 @@
       ignore_above: 1024
       description: User's full name, if available.
       example: Albert Einstein
+    - name: group.domain
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      description: 'Name of the directory the group is a member of.
+
+        For example, an LDAP or Active Directory domain name.'
     - name: group.id
       level: extended
       type: keyword

generated/beats/fields.ecs.yml

@@ -33,6 +33,7 @@ client.registered_domain,keyword,extended,google.com,1.2.0-dev
 client.user.domain,keyword,extended,,1.2.0-dev
 client.user.email,keyword,extended,,1.2.0-dev
 client.user.full_name,keyword,extended,Albert Einstein,1.2.0-dev
+client.user.group.domain,keyword,extended,,1.2.0-dev
 client.user.group.id,keyword,extended,,1.2.0-dev
 client.user.group.name,keyword,extended,,1.2.0-dev
 client.user.hash,keyword,extended,,1.2.0-dev
@@ -74,6 +75,7 @@ destination.registered_domain,keyword,extended,google.com,1.2.0-dev
 destination.user.domain,keyword,extended,,1.2.0-dev
 destination.user.email,keyword,extended,,1.2.0-dev
 destination.user.full_name,keyword,extended,Albert Einstein,1.2.0-dev
+destination.user.group.domain,keyword,extended,,1.2.0-dev
 destination.user.group.id,keyword,extended,,1.2.0-dev
 destination.user.group.name,keyword,extended,,1.2.0-dev
 destination.user.hash,keyword,extended,,1.2.0-dev
@@ -152,6 +154,7 @@ geo.location,geo_point,core,"{ ""lon"": -73.614830, ""lat"": 45.505918 }",1.2.0-
 geo.name,keyword,extended,boston-dc,1.2.0-dev
 geo.region_iso_code,keyword,core,CA-QC,1.2.0-dev
 geo.region_name,keyword,core,Quebec,1.2.0-dev
+group.domain,keyword,extended,,1.2.0-dev
 group.id,keyword,extended,,1.2.0-dev
 group.name,keyword,extended,,1.2.0-dev
 hash.md5,keyword,extended,,1.2.0-dev
@@ -183,6 +186,7 @@ host.uptime,long,extended,1325,1.2.0-dev
 host.user.domain,keyword,extended,,1.2.0-dev
 host.user.email,keyword,extended,,1.2.0-dev
 host.user.full_name,keyword,extended,Albert Einstein,1.2.0-dev
+host.user.group.domain,keyword,extended,,1.2.0-dev
 host.user.group.id,keyword,extended,,1.2.0-dev
 host.user.group.name,keyword,extended,,1.2.0-dev
 host.user.hash,keyword,extended,,1.2.0-dev
@@ -284,6 +288,7 @@ server.registered_domain,keyword,extended,google.com,1.2.0-dev
 server.user.domain,keyword,extended,,1.2.0-dev
 server.user.email,keyword,extended,,1.2.0-dev
 server.user.full_name,keyword,extended,Albert Einstein,1.2.0-dev
+server.user.group.domain,keyword,extended,,1.2.0-dev
 server.user.group.id,keyword,extended,,1.2.0-dev
 server.user.group.name,keyword,extended,,1.2.0-dev
 server.user.hash,keyword,extended,,1.2.0-dev
@@ -319,6 +324,7 @@ source.registered_domain,keyword,extended,google.com,1.2.0-dev
 source.user.domain,keyword,extended,,1.2.0-dev
 source.user.email,keyword,extended,,1.2.0-dev
 source.user.full_name,keyword,extended,Albert Einstein,1.2.0-dev
+source.user.group.domain,keyword,extended,,1.2.0-dev
 source.user.group.id,keyword,extended,,1.2.0-dev
 source.user.group.name,keyword,extended,,1.2.0-dev
 source.user.hash,keyword,extended,,1.2.0-dev
@@ -340,6 +346,7 @@ url.username,keyword,extended,,1.2.0-dev
 user.domain,keyword,extended,,1.2.0-dev
 user.email,keyword,extended,,1.2.0-dev
 user.full_name,keyword,extended,Albert Einstein,1.2.0-dev
+user.group.domain,keyword,extended,,1.2.0-dev
 user.group.id,keyword,extended,,1.2.0-dev
 user.group.name,keyword,extended,,1.2.0-dev
 user.hash,keyword,extended,,1.2.0-dev

generated/csv/fields.csv

@@ -359,6 +359,18 @@ client.user.full_name:
   original_fieldset: user
   short: User's full name, if available.
   type: keyword
+client.user.group.domain:
+  description: 'Name of the directory the group is a member of.
+
+    For example, an LDAP or Active Directory domain name.'
+  flat_name: client.user.group.domain
+  ignore_above: 1024
+  level: extended
+  name: domain
+  order: 2
+  original_fieldset: user
+  short: Name of the directory the group is a member of.
+  type: keyword
 client.user.group.id:
   description: Unique identifier for the group on the system/platform.
   flat_name: client.user.group.id
@@ -799,6 +811,18 @@ destination.user.full_name:
   original_fieldset: user
   short: User's full name, if available.
   type: keyword
+destination.user.group.domain:
+  description: 'Name of the directory the group is a member of.
+
+    For example, an LDAP or Active Directory domain name.'
+  flat_name: destination.user.group.domain
+  ignore_above: 1024
+  level: extended
+  name: domain
+  order: 2
+  original_fieldset: user
+  short: Name of the directory the group is a member of.
+  type: keyword
 destination.user.group.id:
   description: Unique identifier for the group on the system/platform.
   flat_name: destination.user.group.id
@@ -1709,6 +1733,17 @@ geo.region_name:
   order: 3
   short: Region name.
   type: keyword
+group.domain:
+  description: 'Name of the directory the group is a member of.
+
+    For example, an LDAP or Active Directory domain name.'
+  flat_name: group.domain
+  ignore_above: 1024
+  level: extended
+  name: domain
+  order: 2
+  short: Name of the directory the group is a member of.
+  type: keyword
 group.id:
   description: Unique identifier for the group on the system/platform.
   flat_name: group.id
@@ -2039,6 +2074,18 @@ host.user.full_name:
   original_fieldset: user
   short: User's full name, if available.
   type: keyword
+host.user.group.domain:
+  description: 'Name of the directory the group is a member of.
+
+    For example, an LDAP or Active Directory domain name.'
+  flat_name: host.user.group.domain
+  ignore_above: 1024
+  level: extended
+  name: domain
+  order: 2
+  original_fieldset: user
+  short: Name of the directory the group is a member of.
+  type: keyword
 host.user.group.id:
   description: Unique identifier for the group on the system/platform.
   flat_name: host.user.group.id
@@ -3182,6 +3229,18 @@ server.user.full_name:
   original_fieldset: user
   short: User's full name, if available.
   type: keyword
+server.user.group.domain:
+  description: 'Name of the directory the group is a member of.
+
+    For example, an LDAP or Active Directory domain name.'
+  flat_name: server.user.group.domain
+  ignore_above: 1024
+  level: extended
+  name: domain
+  order: 2
+  original_fieldset: user
+  short: Name of the directory the group is a member of.
+  type: keyword
 server.user.group.id:
   description: Unique identifier for the group on the system/platform.
   flat_name: server.user.group.id
@@ -3600,6 +3659,18 @@ source.user.full_name:
   original_fieldset: user
   short: User's full name, if available.
   type: keyword
+source.user.group.domain:
+  description: 'Name of the directory the group is a member of.
+
+    For example, an LDAP or Active Directory domain name.'
+  flat_name: source.user.group.domain
+  ignore_above: 1024
+  level: extended
+  name: domain
+  order: 2
+  original_fieldset: user
+  short: Name of the directory the group is a member of.
+  type: keyword
 source.user.group.id:
   description: Unique identifier for the group on the system/platform.
   flat_name: source.user.group.id
@@ -3851,6 +3922,18 @@ user.full_name:
   order: 2
   short: User's full name, if available.
   type: keyword
+user.group.domain:
+  description: 'Name of the directory the group is a member of.
+
+    For example, an LDAP or Active Directory domain name.'
+  flat_name: user.group.domain
+  ignore_above: 1024
+  level: extended
+  name: domain
+  order: 2
+  original_fieldset: group
+  short: Name of the directory the group is a member of.
+  type: keyword
 user.group.id:
   description: Unique identifier for the group on the system/platform.
   flat_name: user.group.id