diff --git a/CHANGELOG.next.md b/CHANGELOG.next.md index 5f1a2e6401..fbebf829eb 100644 --- a/CHANGELOG.next.md +++ b/CHANGELOG.next.md @@ -12,6 +12,7 @@ Thanks, you're awesome :-) --> * Removing deprecated --oss from generator #1404 * Removing use-cases directory #1405 +* Remove `host.user.*` field reuse. #1439 ### Schema Changes diff --git a/docs/field-details.asciidoc b/docs/field-details.asciidoc index b11b2a4aef..d6788b4e1e 100644 --- a/docs/field-details.asciidoc +++ b/docs/field-details.asciidoc @@ -4141,13 +4141,6 @@ example: `1325` // =============================================================== -| <> -| `host.user.*` -| This reuse is deprecated and will be removed in the next major ECS version. - -// =============================================================== - - |===== [[ecs-http]] @@ -8765,7 +8758,7 @@ example: `["kibana_admin", "reporting_user"]` [discrete] ==== Field Reuse -The `user` fields are expected to be nested at: `client.user`, `destination.user`, `host.user`, `server.user`, `source.user`, `user.changes`, `user.effective`, `user.target`. +The `user` fields are expected to be nested at: `client.user`, `destination.user`, `server.user`, `source.user`, `user.changes`, `user.effective`, `user.target`. Note also that the `user` fields may be used directly at the root of the events. diff --git a/docs/usage/user.asciidoc b/docs/usage/user.asciidoc index 64fa215a04..6951723edb 100644 --- a/docs/usage/user.asciidoc +++ b/docs/usage/user.asciidoc @@ -18,8 +18,6 @@ Here are the subjects covered in this page. * <> -* <> - [discrete] [[ecs-user-usage-categorization]] ===== Categorization @@ -113,7 +111,6 @@ Here's the full list of places where the user fields can appear: * `destination.user.*` * `client.user.*` * `server.user.*` -* `host.user.*` (<>) Let's go over the meaning of each. @@ -421,10 +418,3 @@ it's the creation / rename of the user, or events where this user was active in For examples of mapping events from various sources, you can look at https://github.com/elastic/ecs/blob/master/rfcs/text/0007-multiple-users.md#source-data[RFC 0007 in section Source Data]. - -[discrete] -[[ecs-user-usage-deprecations]] -===== Deprecations - -As of ECS 1.8, `host.user.*` fields are deprecated and will be removed at the next -major version of ECS. diff --git a/experimental/generated/beats/fields.ecs.yml b/experimental/generated/beats/fields.ecs.yml index 4e0d36e184..45c5a9afe9 100644 --- a/experimental/generated/beats/fields.ecs.yml +++ b/experimental/generated/beats/fields.ecs.yml @@ -3309,75 +3309,6 @@ type: long description: Seconds the host has been up. example: 1325 - - name: user.domain - level: extended - type: keyword - ignore_above: 1024 - description: 'Name of the directory the user is a member of. - - For example, an LDAP or Active Directory domain name.' - - name: user.email - level: extended - type: wildcard - description: User email address. - - name: user.full_name - level: extended - type: wildcard - multi_fields: - - name: text - type: text - norms: false - default_field: false - description: User's full name, if available. - example: Albert Einstein - - name: user.group.domain - level: extended - type: keyword - ignore_above: 1024 - description: 'Name of the directory the group is a member of. - - For example, an LDAP or Active Directory domain name.' - - name: user.group.id - level: extended - type: keyword - ignore_above: 1024 - description: Unique identifier for the group on the system/platform. - - name: user.group.name - level: extended - type: keyword - ignore_above: 1024 - description: Name of the group. - - name: user.hash - level: extended - type: keyword - ignore_above: 1024 - description: 'Unique user hash to correlate information for a user in anonymized - form. - - Useful if `user.id` or `user.name` contain confidential information and cannot - be used.' - - name: user.id - level: core - type: keyword - ignore_above: 1024 - description: Unique identifier of the user. - - name: user.name - level: core - type: wildcard - multi_fields: - - name: text - type: text - norms: false - default_field: false - description: Short name or login of the user. - example: albert - - name: user.roles - level: extended - type: keyword - ignore_above: 1024 - description: Array of user roles at the time of the event. - example: '["kibana_admin", "reporting_user"]' - default_field: false - name: http title: HTTP group: 2 diff --git a/experimental/generated/csv/fields.csv b/experimental/generated/csv/fields.csv index 91fa826f98..f5f3895522 100644 --- a/experimental/generated/csv/fields.csv +++ b/experimental/generated/csv/fields.csv @@ -372,18 +372,6 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 2.0.0-dev+exp,true,host,host.os.version,keyword,extended,,10.14.1,Operating system version as a raw string. 2.0.0-dev+exp,true,host,host.type,keyword,core,,,Type of host. 2.0.0-dev+exp,true,host,host.uptime,long,extended,,1325,Seconds the host has been up. -2.0.0-dev+exp,true,host,host.user.domain,keyword,extended,,,Name of the directory the user is a member of. -2.0.0-dev+exp,true,host,host.user.email,wildcard,extended,,,User email address. -2.0.0-dev+exp,true,host,host.user.full_name,wildcard,extended,,Albert Einstein,"User's full name, if available." -2.0.0-dev+exp,true,host,host.user.full_name.text,text,extended,,Albert Einstein,"User's full name, if available." -2.0.0-dev+exp,true,host,host.user.group.domain,keyword,extended,,,Name of the directory the group is a member of. -2.0.0-dev+exp,true,host,host.user.group.id,keyword,extended,,,Unique identifier for the group on the system/platform. -2.0.0-dev+exp,true,host,host.user.group.name,keyword,extended,,,Name of the group. -2.0.0-dev+exp,true,host,host.user.hash,keyword,extended,,,Unique user hash to correlate information for a user in anonymized form. -2.0.0-dev+exp,true,host,host.user.id,keyword,core,,,Unique identifier of the user. -2.0.0-dev+exp,true,host,host.user.name,wildcard,core,,albert,Short name or login of the user. -2.0.0-dev+exp,true,host,host.user.name.text,text,core,,albert,Short name or login of the user. -2.0.0-dev+exp,true,host,host.user.roles,keyword,extended,array,"[""kibana_admin"", ""reporting_user""]",Array of user roles at the time of the event. 2.0.0-dev+exp,true,http,http.request.body.bytes,long,extended,,887,Size in bytes of the request body. 2.0.0-dev+exp,true,http,http.request.body.content,wildcard,extended,,Hello world,The full HTTP request body. 2.0.0-dev+exp,true,http,http.request.body.content.text,text,extended,,Hello world,The full HTTP request body. diff --git a/experimental/generated/ecs/ecs_flat.yml b/experimental/generated/ecs/ecs_flat.yml index e6dcabc8dd..f2227adbda 100644 --- a/experimental/generated/ecs/ecs_flat.yml +++ b/experimental/generated/ecs/ecs_flat.yml @@ -4900,135 +4900,6 @@ host.uptime: normalize: [] short: Seconds the host has been up. type: long -host.user.domain: - dashed_name: host-user-domain - description: 'Name of the directory the user is a member of. - - For example, an LDAP or Active Directory domain name.' - flat_name: host.user.domain - ignore_above: 1024 - level: extended - name: domain - normalize: [] - original_fieldset: user - short: Name of the directory the user is a member of. - type: keyword -host.user.email: - dashed_name: host-user-email - description: User email address. - flat_name: host.user.email - level: extended - name: email - normalize: [] - original_fieldset: user - short: User email address. - type: wildcard -host.user.full_name: - dashed_name: host-user-full-name - description: User's full name, if available. - example: Albert Einstein - flat_name: host.user.full_name - level: extended - multi_fields: - - flat_name: host.user.full_name.text - name: text - norms: false - type: text - name: full_name - normalize: [] - original_fieldset: user - short: User's full name, if available. - type: wildcard -host.user.group.domain: - dashed_name: host-user-group-domain - description: 'Name of the directory the group is a member of. - - For example, an LDAP or Active Directory domain name.' - flat_name: host.user.group.domain - ignore_above: 1024 - level: extended - name: domain - normalize: [] - original_fieldset: group - short: Name of the directory the group is a member of. - type: keyword -host.user.group.id: - dashed_name: host-user-group-id - description: Unique identifier for the group on the system/platform. - flat_name: host.user.group.id - ignore_above: 1024 - level: extended - name: id - normalize: [] - original_fieldset: group - short: Unique identifier for the group on the system/platform. - type: keyword -host.user.group.name: - dashed_name: host-user-group-name - description: Name of the group. - flat_name: host.user.group.name - ignore_above: 1024 - level: extended - name: name - normalize: [] - original_fieldset: group - short: Name of the group. - type: keyword -host.user.hash: - dashed_name: host-user-hash - description: 'Unique user hash to correlate information for a user in anonymized - form. - - Useful if `user.id` or `user.name` contain confidential information and cannot - be used.' - flat_name: host.user.hash - ignore_above: 1024 - level: extended - name: hash - normalize: [] - original_fieldset: user - short: Unique user hash to correlate information for a user in anonymized form. - type: keyword -host.user.id: - dashed_name: host-user-id - description: Unique identifier of the user. - flat_name: host.user.id - ignore_above: 1024 - level: core - name: id - normalize: [] - original_fieldset: user - short: Unique identifier of the user. - type: keyword -host.user.name: - dashed_name: host-user-name - description: Short name or login of the user. - example: albert - flat_name: host.user.name - level: core - multi_fields: - - flat_name: host.user.name.text - name: text - norms: false - type: text - name: name - normalize: [] - original_fieldset: user - short: Short name or login of the user. - type: wildcard -host.user.roles: - dashed_name: host-user-roles - description: Array of user roles at the time of the event. - example: '["kibana_admin", "reporting_user"]' - flat_name: host.user.roles - ignore_above: 1024 - level: extended - name: roles - normalize: - - array - original_fieldset: user - short: Array of user roles at the time of the event. - type: keyword http.request.body.bytes: dashed_name: http-request-body-bytes description: Size in bytes of the request body. diff --git a/experimental/generated/ecs/ecs_nested.yml b/experimental/generated/ecs/ecs_nested.yml index e3593e5508..14984f61f9 100644 --- a/experimental/generated/ecs/ecs_nested.yml +++ b/experimental/generated/ecs/ecs_nested.yml @@ -6014,141 +6014,11 @@ host: normalize: [] short: Seconds the host has been up. type: long - host.user.domain: - dashed_name: host-user-domain - description: 'Name of the directory the user is a member of. - - For example, an LDAP or Active Directory domain name.' - flat_name: host.user.domain - ignore_above: 1024 - level: extended - name: domain - normalize: [] - original_fieldset: user - short: Name of the directory the user is a member of. - type: keyword - host.user.email: - dashed_name: host-user-email - description: User email address. - flat_name: host.user.email - level: extended - name: email - normalize: [] - original_fieldset: user - short: User email address. - type: wildcard - host.user.full_name: - dashed_name: host-user-full-name - description: User's full name, if available. - example: Albert Einstein - flat_name: host.user.full_name - level: extended - multi_fields: - - flat_name: host.user.full_name.text - name: text - norms: false - type: text - name: full_name - normalize: [] - original_fieldset: user - short: User's full name, if available. - type: wildcard - host.user.group.domain: - dashed_name: host-user-group-domain - description: 'Name of the directory the group is a member of. - - For example, an LDAP or Active Directory domain name.' - flat_name: host.user.group.domain - ignore_above: 1024 - level: extended - name: domain - normalize: [] - original_fieldset: group - short: Name of the directory the group is a member of. - type: keyword - host.user.group.id: - dashed_name: host-user-group-id - description: Unique identifier for the group on the system/platform. - flat_name: host.user.group.id - ignore_above: 1024 - level: extended - name: id - normalize: [] - original_fieldset: group - short: Unique identifier for the group on the system/platform. - type: keyword - host.user.group.name: - dashed_name: host-user-group-name - description: Name of the group. - flat_name: host.user.group.name - ignore_above: 1024 - level: extended - name: name - normalize: [] - original_fieldset: group - short: Name of the group. - type: keyword - host.user.hash: - dashed_name: host-user-hash - description: 'Unique user hash to correlate information for a user in anonymized - form. - - Useful if `user.id` or `user.name` contain confidential information and cannot - be used.' - flat_name: host.user.hash - ignore_above: 1024 - level: extended - name: hash - normalize: [] - original_fieldset: user - short: Unique user hash to correlate information for a user in anonymized form. - type: keyword - host.user.id: - dashed_name: host-user-id - description: Unique identifier of the user. - flat_name: host.user.id - ignore_above: 1024 - level: core - name: id - normalize: [] - original_fieldset: user - short: Unique identifier of the user. - type: keyword - host.user.name: - dashed_name: host-user-name - description: Short name or login of the user. - example: albert - flat_name: host.user.name - level: core - multi_fields: - - flat_name: host.user.name.text - name: text - norms: false - type: text - name: name - normalize: [] - original_fieldset: user - short: Short name or login of the user. - type: wildcard - host.user.roles: - dashed_name: host-user-roles - description: Array of user roles at the time of the event. - example: '["kibana_admin", "reporting_user"]' - flat_name: host.user.roles - ignore_above: 1024 - level: extended - name: roles - normalize: - - array - original_fieldset: user - short: Array of user roles at the time of the event. - type: keyword group: 2 name: host nestings: - host.geo - host.os - - host.user prefix: host. reused_here: - full: host.geo @@ -6157,9 +6027,6 @@ host: - full: host.os schema_name: os short: OS fields contain information about the operating system. - - full: host.user - schema_name: user - short: This reuse is deprecated and will be removed in the next major ECS version. short: Fields describing the relevant computing instance. title: Host type: group @@ -15849,11 +15716,6 @@ user: at: user full: user.changes short_override: Captures changes made to a user. - - as: user - at: host - full: host.user - short_override: This reuse is deprecated and will be removed in the next major - ECS version. top_level: true reused_here: - full: user.group diff --git a/experimental/generated/elasticsearch/7/template.json b/experimental/generated/elasticsearch/7/template.json index ed0e238b76..d9c85007fd 100644 --- a/experimental/generated/elasticsearch/7/template.json +++ b/experimental/generated/elasticsearch/7/template.json @@ -1670,63 +1670,6 @@ }, "uptime": { "type": "long" - }, - "user": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "email": { - "type": "wildcard" - }, - "full_name": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "type": "wildcard" - }, - "group": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "hash": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "type": "wildcard" - }, - "roles": { - "ignore_above": 1024, - "type": "keyword" - } - } } } }, diff --git a/experimental/generated/elasticsearch/component/host.json b/experimental/generated/elasticsearch/component/host.json index 6100963315..b7eeb41cbe 100644 --- a/experimental/generated/elasticsearch/component/host.json +++ b/experimental/generated/elasticsearch/component/host.json @@ -178,63 +178,6 @@ }, "uptime": { "type": "long" - }, - "user": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "email": { - "type": "wildcard" - }, - "full_name": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "type": "wildcard" - }, - "group": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "hash": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "type": "wildcard" - }, - "roles": { - "ignore_above": 1024, - "type": "keyword" - } - } } } } diff --git a/generated/beats/fields.ecs.yml b/generated/beats/fields.ecs.yml index a3ee1fdf33..ce2b4bb824 100644 --- a/generated/beats/fields.ecs.yml +++ b/generated/beats/fields.ecs.yml @@ -2922,78 +2922,6 @@ type: long description: Seconds the host has been up. example: 1325 - - name: user.domain - level: extended - type: keyword - ignore_above: 1024 - description: 'Name of the directory the user is a member of. - - For example, an LDAP or Active Directory domain name.' - - name: user.email - level: extended - type: keyword - ignore_above: 1024 - description: User email address. - - name: user.full_name - level: extended - type: keyword - ignore_above: 1024 - multi_fields: - - name: text - type: text - norms: false - default_field: false - description: User's full name, if available. - example: Albert Einstein - - name: user.group.domain - level: extended - type: keyword - ignore_above: 1024 - description: 'Name of the directory the group is a member of. - - For example, an LDAP or Active Directory domain name.' - - name: user.group.id - level: extended - type: keyword - ignore_above: 1024 - description: Unique identifier for the group on the system/platform. - - name: user.group.name - level: extended - type: keyword - ignore_above: 1024 - description: Name of the group. - - name: user.hash - level: extended - type: keyword - ignore_above: 1024 - description: 'Unique user hash to correlate information for a user in anonymized - form. - - Useful if `user.id` or `user.name` contain confidential information and cannot - be used.' - - name: user.id - level: core - type: keyword - ignore_above: 1024 - description: Unique identifier of the user. - - name: user.name - level: core - type: keyword - ignore_above: 1024 - multi_fields: - - name: text - type: text - norms: false - default_field: false - description: Short name or login of the user. - example: albert - - name: user.roles - level: extended - type: keyword - ignore_above: 1024 - description: Array of user roles at the time of the event. - example: '["kibana_admin", "reporting_user"]' - default_field: false - name: http title: HTTP group: 2 diff --git a/generated/csv/fields.csv b/generated/csv/fields.csv index aaf7bc013a..28db5e737d 100644 --- a/generated/csv/fields.csv +++ b/generated/csv/fields.csv @@ -310,18 +310,6 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 2.0.0-dev,true,host,host.os.version,keyword,extended,,10.14.1,Operating system version as a raw string. 2.0.0-dev,true,host,host.type,keyword,core,,,Type of host. 2.0.0-dev,true,host,host.uptime,long,extended,,1325,Seconds the host has been up. -2.0.0-dev,true,host,host.user.domain,keyword,extended,,,Name of the directory the user is a member of. -2.0.0-dev,true,host,host.user.email,keyword,extended,,,User email address. -2.0.0-dev,true,host,host.user.full_name,keyword,extended,,Albert Einstein,"User's full name, if available." -2.0.0-dev,true,host,host.user.full_name.text,text,extended,,Albert Einstein,"User's full name, if available." -2.0.0-dev,true,host,host.user.group.domain,keyword,extended,,,Name of the directory the group is a member of. -2.0.0-dev,true,host,host.user.group.id,keyword,extended,,,Unique identifier for the group on the system/platform. -2.0.0-dev,true,host,host.user.group.name,keyword,extended,,,Name of the group. -2.0.0-dev,true,host,host.user.hash,keyword,extended,,,Unique user hash to correlate information for a user in anonymized form. -2.0.0-dev,true,host,host.user.id,keyword,core,,,Unique identifier of the user. -2.0.0-dev,true,host,host.user.name,keyword,core,,albert,Short name or login of the user. -2.0.0-dev,true,host,host.user.name.text,text,core,,albert,Short name or login of the user. -2.0.0-dev,true,host,host.user.roles,keyword,extended,array,"[""kibana_admin"", ""reporting_user""]",Array of user roles at the time of the event. 2.0.0-dev,true,http,http.request.body.bytes,long,extended,,887,Size in bytes of the request body. 2.0.0-dev,true,http,http.request.body.content,keyword,extended,,Hello world,The full HTTP request body. 2.0.0-dev,true,http,http.request.body.content.text,text,extended,,Hello world,The full HTTP request body. diff --git a/generated/ecs/ecs_flat.yml b/generated/ecs/ecs_flat.yml index c7f65018b2..41005f09d9 100644 --- a/generated/ecs/ecs_flat.yml +++ b/generated/ecs/ecs_flat.yml @@ -4190,138 +4190,6 @@ host.uptime: normalize: [] short: Seconds the host has been up. type: long -host.user.domain: - dashed_name: host-user-domain - description: 'Name of the directory the user is a member of. - - For example, an LDAP or Active Directory domain name.' - flat_name: host.user.domain - ignore_above: 1024 - level: extended - name: domain - normalize: [] - original_fieldset: user - short: Name of the directory the user is a member of. - type: keyword -host.user.email: - dashed_name: host-user-email - description: User email address. - flat_name: host.user.email - ignore_above: 1024 - level: extended - name: email - normalize: [] - original_fieldset: user - short: User email address. - type: keyword -host.user.full_name: - dashed_name: host-user-full-name - description: User's full name, if available. - example: Albert Einstein - flat_name: host.user.full_name - ignore_above: 1024 - level: extended - multi_fields: - - flat_name: host.user.full_name.text - name: text - norms: false - type: text - name: full_name - normalize: [] - original_fieldset: user - short: User's full name, if available. - type: keyword -host.user.group.domain: - dashed_name: host-user-group-domain - description: 'Name of the directory the group is a member of. - - For example, an LDAP or Active Directory domain name.' - flat_name: host.user.group.domain - ignore_above: 1024 - level: extended - name: domain - normalize: [] - original_fieldset: group - short: Name of the directory the group is a member of. - type: keyword -host.user.group.id: - dashed_name: host-user-group-id - description: Unique identifier for the group on the system/platform. - flat_name: host.user.group.id - ignore_above: 1024 - level: extended - name: id - normalize: [] - original_fieldset: group - short: Unique identifier for the group on the system/platform. - type: keyword -host.user.group.name: - dashed_name: host-user-group-name - description: Name of the group. - flat_name: host.user.group.name - ignore_above: 1024 - level: extended - name: name - normalize: [] - original_fieldset: group - short: Name of the group. - type: keyword -host.user.hash: - dashed_name: host-user-hash - description: 'Unique user hash to correlate information for a user in anonymized - form. - - Useful if `user.id` or `user.name` contain confidential information and cannot - be used.' - flat_name: host.user.hash - ignore_above: 1024 - level: extended - name: hash - normalize: [] - original_fieldset: user - short: Unique user hash to correlate information for a user in anonymized form. - type: keyword -host.user.id: - dashed_name: host-user-id - description: Unique identifier of the user. - flat_name: host.user.id - ignore_above: 1024 - level: core - name: id - normalize: [] - original_fieldset: user - short: Unique identifier of the user. - type: keyword -host.user.name: - dashed_name: host-user-name - description: Short name or login of the user. - example: albert - flat_name: host.user.name - ignore_above: 1024 - level: core - multi_fields: - - flat_name: host.user.name.text - name: text - norms: false - type: text - name: name - normalize: [] - original_fieldset: user - short: Short name or login of the user. - type: keyword -host.user.roles: - dashed_name: host-user-roles - description: Array of user roles at the time of the event. - example: '["kibana_admin", "reporting_user"]' - flat_name: host.user.roles - ignore_above: 1024 - level: extended - name: roles - normalize: - - array - original_fieldset: user - short: Array of user roles at the time of the event. - type: keyword http.request.body.bytes: dashed_name: http-request-body-bytes description: Size in bytes of the request body. diff --git a/generated/ecs/ecs_nested.yml b/generated/ecs/ecs_nested.yml index 63f21fd256..95ba7b6c9c 100644 --- a/generated/ecs/ecs_nested.yml +++ b/generated/ecs/ecs_nested.yml @@ -5289,144 +5289,11 @@ host: normalize: [] short: Seconds the host has been up. type: long - host.user.domain: - dashed_name: host-user-domain - description: 'Name of the directory the user is a member of. - - For example, an LDAP or Active Directory domain name.' - flat_name: host.user.domain - ignore_above: 1024 - level: extended - name: domain - normalize: [] - original_fieldset: user - short: Name of the directory the user is a member of. - type: keyword - host.user.email: - dashed_name: host-user-email - description: User email address. - flat_name: host.user.email - ignore_above: 1024 - level: extended - name: email - normalize: [] - original_fieldset: user - short: User email address. - type: keyword - host.user.full_name: - dashed_name: host-user-full-name - description: User's full name, if available. - example: Albert Einstein - flat_name: host.user.full_name - ignore_above: 1024 - level: extended - multi_fields: - - flat_name: host.user.full_name.text - name: text - norms: false - type: text - name: full_name - normalize: [] - original_fieldset: user - short: User's full name, if available. - type: keyword - host.user.group.domain: - dashed_name: host-user-group-domain - description: 'Name of the directory the group is a member of. - - For example, an LDAP or Active Directory domain name.' - flat_name: host.user.group.domain - ignore_above: 1024 - level: extended - name: domain - normalize: [] - original_fieldset: group - short: Name of the directory the group is a member of. - type: keyword - host.user.group.id: - dashed_name: host-user-group-id - description: Unique identifier for the group on the system/platform. - flat_name: host.user.group.id - ignore_above: 1024 - level: extended - name: id - normalize: [] - original_fieldset: group - short: Unique identifier for the group on the system/platform. - type: keyword - host.user.group.name: - dashed_name: host-user-group-name - description: Name of the group. - flat_name: host.user.group.name - ignore_above: 1024 - level: extended - name: name - normalize: [] - original_fieldset: group - short: Name of the group. - type: keyword - host.user.hash: - dashed_name: host-user-hash - description: 'Unique user hash to correlate information for a user in anonymized - form. - - Useful if `user.id` or `user.name` contain confidential information and cannot - be used.' - flat_name: host.user.hash - ignore_above: 1024 - level: extended - name: hash - normalize: [] - original_fieldset: user - short: Unique user hash to correlate information for a user in anonymized form. - type: keyword - host.user.id: - dashed_name: host-user-id - description: Unique identifier of the user. - flat_name: host.user.id - ignore_above: 1024 - level: core - name: id - normalize: [] - original_fieldset: user - short: Unique identifier of the user. - type: keyword - host.user.name: - dashed_name: host-user-name - description: Short name or login of the user. - example: albert - flat_name: host.user.name - ignore_above: 1024 - level: core - multi_fields: - - flat_name: host.user.name.text - name: text - norms: false - type: text - name: name - normalize: [] - original_fieldset: user - short: Short name or login of the user. - type: keyword - host.user.roles: - dashed_name: host-user-roles - description: Array of user roles at the time of the event. - example: '["kibana_admin", "reporting_user"]' - flat_name: host.user.roles - ignore_above: 1024 - level: extended - name: roles - normalize: - - array - original_fieldset: user - short: Array of user roles at the time of the event. - type: keyword group: 2 name: host nestings: - host.geo - host.os - - host.user prefix: host. reused_here: - full: host.geo @@ -5435,9 +5302,6 @@ host: - full: host.os schema_name: os short: OS fields contain information about the operating system. - - full: host.user - schema_name: user - short: This reuse is deprecated and will be removed in the next major ECS version. short: Fields describing the relevant computing instance. title: Host type: group @@ -12273,11 +12137,6 @@ user: at: user full: user.changes short_override: Captures changes made to a user. - - as: user - at: host - full: host.user - short_override: This reuse is deprecated and will be removed in the next major - ECS version. top_level: true reused_here: - full: user.group diff --git a/generated/elasticsearch/6/template.json b/generated/elasticsearch/6/template.json index b7d1740c69..b7a5cbdfb5 100644 --- a/generated/elasticsearch/6/template.json +++ b/generated/elasticsearch/6/template.json @@ -1434,66 +1434,6 @@ }, "uptime": { "type": "long" - }, - "user": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "email": { - "ignore_above": 1024, - "type": "keyword" - }, - "full_name": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "group": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "hash": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "roles": { - "ignore_above": 1024, - "type": "keyword" - } - } } } }, diff --git a/generated/elasticsearch/7/template.json b/generated/elasticsearch/7/template.json index 4a071008ce..96b82275bc 100644 --- a/generated/elasticsearch/7/template.json +++ b/generated/elasticsearch/7/template.json @@ -1430,66 +1430,6 @@ }, "uptime": { "type": "long" - }, - "user": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "email": { - "ignore_above": 1024, - "type": "keyword" - }, - "full_name": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "group": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "hash": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "roles": { - "ignore_above": 1024, - "type": "keyword" - } - } } } }, diff --git a/generated/elasticsearch/component/host.json b/generated/elasticsearch/component/host.json index 018c9f58ac..d8667a9f3e 100644 --- a/generated/elasticsearch/component/host.json +++ b/generated/elasticsearch/component/host.json @@ -182,66 +182,6 @@ }, "uptime": { "type": "long" - }, - "user": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "email": { - "ignore_above": 1024, - "type": "keyword" - }, - "full_name": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "group": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "hash": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "roles": { - "ignore_above": 1024, - "type": "keyword" - } - } } } } diff --git a/schemas/user.yml b/schemas/user.yml index ec0f7af300..8066e06cfc 100644 --- a/schemas/user.yml +++ b/schemas/user.yml @@ -26,9 +26,6 @@ - at: user as: changes short_override: Captures changes made to a user. - - at: host - as: user - short_override: This reuse is deprecated and will be removed in the next major ECS version. type: group fields: