Skip to content

Add domain field to Group Schema #547

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Sep 25, 2019
Merged

Add domain field to Group Schema #547

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
2a38aa9
Add domain field to Group Schema
janniten Sep 9, 2019
2d10420
Add group.domain and short comment
janniten Sep 10, 2019
d53331e
Add group.domain - comments and changelog
janniten Sep 25, 2019
f182c73
Merge branch 'master' into group_domain_add
Sep 25, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions code/go/ecs/group.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

11 changes: 11 additions & 0 deletions docs/field-details.asciidoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1681,6 +1681,17 @@ The group fields are meant to represent groups that are relevant to the event.

// ===============================================================

| group.domain
| Name of the directory the group is a member of. For example, an LDAP or Active Directory domain name.

type: keyword



| extended

// ===============================================================

| group.id
| Unique identifier for the group on the system/platform.

Expand Down
42 changes: 42 additions & 0 deletions generated/beats/fields.ecs.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -303,6 +303,12 @@
ignore_above: 1024
description: User's full name, if available.
example: Albert Einstein
- name: user.group.domain
level: extended
type: keyword
ignore_above: 1024
description: Name of the directory the group is a member of. For example, an
LDAP or Active Directory domain name.
- name: user.group.id
level: extended
type: keyword
Expand Down Expand Up @@ -589,6 +595,12 @@
ignore_above: 1024
description: User's full name, if available.
example: Albert Einstein
- name: user.group.domain
level: extended
type: keyword
ignore_above: 1024
description: Name of the directory the group is a member of. For example, an
LDAP or Active Directory domain name.
- name: user.group.id
level: extended
type: keyword
Expand Down Expand Up @@ -1230,6 +1242,12 @@
to the event.
type: group
fields:
- name: domain
level: extended
type: keyword
ignore_above: 1024
description: Name of the directory the group is a member of. For example, an
LDAP or Active Directory domain name.
- name: id
level: extended
type: keyword
Expand Down Expand Up @@ -1441,6 +1459,12 @@
ignore_above: 1024
description: User's full name, if available.
example: Albert Einstein
- name: user.group.domain
level: extended
type: keyword
ignore_above: 1024
description: Name of the directory the group is a member of. For example, an
LDAP or Active Directory domain name.
- name: user.group.id
level: extended
type: keyword
Expand Down Expand Up @@ -2193,6 +2217,12 @@
ignore_above: 1024
description: User's full name, if available.
example: Albert Einstein
- name: user.group.domain
level: extended
type: keyword
ignore_above: 1024
description: Name of the directory the group is a member of. For example, an
LDAP or Active Directory domain name.
- name: user.group.id
level: extended
type: keyword
Expand Down Expand Up @@ -2456,6 +2486,12 @@
ignore_above: 1024
description: User's full name, if available.
example: Albert Einstein
- name: user.group.domain
level: extended
type: keyword
ignore_above: 1024
description: Name of the directory the group is a member of. For example, an
LDAP or Active Directory domain name.
- name: user.group.id
level: extended
type: keyword
Expand Down Expand Up @@ -2635,6 +2671,12 @@
ignore_above: 1024
description: User's full name, if available.
example: Albert Einstein
- name: group.domain
level: extended
type: keyword
ignore_above: 1024
description: Name of the directory the group is a member of. For example, an
LDAP or Active Directory domain name.
- name: group.id
level: extended
type: keyword
Expand Down
7 changes: 7 additions & 0 deletions generated/csv/fields.csv
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@ client.registered_domain,keyword,extended,google.com,1.2.0-dev
client.user.domain,keyword,extended,,1.2.0-dev
client.user.email,keyword,extended,,1.2.0-dev
client.user.full_name,keyword,extended,Albert Einstein,1.2.0-dev
client.user.group.domain,keyword,extended,,1.2.0-dev
client.user.group.id,keyword,extended,,1.2.0-dev
client.user.group.name,keyword,extended,,1.2.0-dev
client.user.hash,keyword,extended,,1.2.0-dev
Expand Down Expand Up @@ -74,6 +75,7 @@ destination.registered_domain,keyword,extended,google.com,1.2.0-dev
destination.user.domain,keyword,extended,,1.2.0-dev
destination.user.email,keyword,extended,,1.2.0-dev
destination.user.full_name,keyword,extended,Albert Einstein,1.2.0-dev
destination.user.group.domain,keyword,extended,,1.2.0-dev
destination.user.group.id,keyword,extended,,1.2.0-dev
destination.user.group.name,keyword,extended,,1.2.0-dev
destination.user.hash,keyword,extended,,1.2.0-dev
Expand Down Expand Up @@ -150,6 +152,7 @@ geo.location,geo_point,core,"{ ""lon"": -73.614830, ""lat"": 45.505918 }",1.2.0-
geo.name,keyword,extended,boston-dc,1.2.0-dev
geo.region_iso_code,keyword,core,CA-QC,1.2.0-dev
geo.region_name,keyword,core,Quebec,1.2.0-dev
group.domain,keyword,extended,,1.2.0-dev
group.id,keyword,extended,,1.2.0-dev
group.name,keyword,extended,,1.2.0-dev
hash.md5,keyword,extended,,1.2.0-dev
Expand Down Expand Up @@ -181,6 +184,7 @@ host.uptime,long,extended,1325,1.2.0-dev
host.user.domain,keyword,extended,,1.2.0-dev
host.user.email,keyword,extended,,1.2.0-dev
host.user.full_name,keyword,extended,Albert Einstein,1.2.0-dev
host.user.group.domain,keyword,extended,,1.2.0-dev
host.user.group.id,keyword,extended,,1.2.0-dev
host.user.group.name,keyword,extended,,1.2.0-dev
host.user.hash,keyword,extended,,1.2.0-dev
Expand Down Expand Up @@ -279,6 +283,7 @@ server.registered_domain,keyword,extended,google.com,1.2.0-dev
server.user.domain,keyword,extended,,1.2.0-dev
server.user.email,keyword,extended,,1.2.0-dev
server.user.full_name,keyword,extended,Albert Einstein,1.2.0-dev
server.user.group.domain,keyword,extended,,1.2.0-dev
server.user.group.id,keyword,extended,,1.2.0-dev
server.user.group.name,keyword,extended,,1.2.0-dev
server.user.hash,keyword,extended,,1.2.0-dev
Expand Down Expand Up @@ -313,6 +318,7 @@ source.registered_domain,keyword,extended,google.com,1.2.0-dev
source.user.domain,keyword,extended,,1.2.0-dev
source.user.email,keyword,extended,,1.2.0-dev
source.user.full_name,keyword,extended,Albert Einstein,1.2.0-dev
source.user.group.domain,keyword,extended,,1.2.0-dev
source.user.group.id,keyword,extended,,1.2.0-dev
source.user.group.name,keyword,extended,,1.2.0-dev
source.user.hash,keyword,extended,,1.2.0-dev
Expand All @@ -334,6 +340,7 @@ url.username,keyword,extended,,1.2.0-dev
user.domain,keyword,extended,,1.2.0-dev
user.email,keyword,extended,,1.2.0-dev
user.full_name,keyword,extended,Albert Einstein,1.2.0-dev
user.group.domain,keyword,extended,,1.2.0-dev
user.group.id,keyword,extended,,1.2.0-dev
user.group.name,keyword,extended,,1.2.0-dev
user.hash,keyword,extended,,1.2.0-dev
Expand Down
83 changes: 83 additions & 0 deletions generated/ecs/ecs_flat.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -359,6 +359,18 @@ client.user.full_name:
original_fieldset: user
short: User's full name, if available.
type: keyword
client.user.group.domain:
description: Name of the directory the group is a member of. For example, an LDAP
or Active Directory domain name.
flat_name: client.user.group.domain
ignore_above: 1024
level: extended
name: domain
order: 2
original_fieldset: user
short: Name of the directory the group is a member of. For example, an LDAP or Active
Directory domain name.
type: keyword
client.user.group.id:
description: Unique identifier for the group on the system/platform.
flat_name: client.user.group.id
Expand Down Expand Up @@ -799,6 +811,18 @@ destination.user.full_name:
original_fieldset: user
short: User's full name, if available.
type: keyword
destination.user.group.domain:
description: Name of the directory the group is a member of. For example, an LDAP
or Active Directory domain name.
flat_name: destination.user.group.domain
ignore_above: 1024
level: extended
name: domain
order: 2
original_fieldset: user
short: Name of the directory the group is a member of. For example, an LDAP or Active
Directory domain name.
type: keyword
destination.user.group.id:
description: Unique identifier for the group on the system/platform.
flat_name: destination.user.group.id
Expand Down Expand Up @@ -1688,6 +1712,17 @@ geo.region_name:
order: 3
short: Region name.
type: keyword
group.domain:
description: Name of the directory the group is a member of. For example, an LDAP
or Active Directory domain name.
flat_name: group.domain
ignore_above: 1024
level: extended
name: domain
order: 2
short: Name of the directory the group is a member of. For example, an LDAP or Active
Directory domain name.
type: keyword
group.id:
description: Unique identifier for the group on the system/platform.
flat_name: group.id
Expand Down Expand Up @@ -2018,6 +2053,18 @@ host.user.full_name:
original_fieldset: user
short: User's full name, if available.
type: keyword
host.user.group.domain:
description: Name of the directory the group is a member of. For example, an LDAP
or Active Directory domain name.
flat_name: host.user.group.domain
ignore_above: 1024
level: extended
name: domain
order: 2
original_fieldset: user
short: Name of the directory the group is a member of. For example, an LDAP or Active
Directory domain name.
type: keyword
host.user.group.id:
description: Unique identifier for the group on the system/platform.
flat_name: host.user.group.id
Expand Down Expand Up @@ -3130,6 +3177,18 @@ server.user.full_name:
original_fieldset: user
short: User's full name, if available.
type: keyword
server.user.group.domain:
description: Name of the directory the group is a member of. For example, an LDAP
or Active Directory domain name.
flat_name: server.user.group.domain
ignore_above: 1024
level: extended
name: domain
order: 2
original_fieldset: user
short: Name of the directory the group is a member of. For example, an LDAP or Active
Directory domain name.
type: keyword
server.user.group.id:
description: Unique identifier for the group on the system/platform.
flat_name: server.user.group.id
Expand Down Expand Up @@ -3531,6 +3590,18 @@ source.user.full_name:
original_fieldset: user
short: User's full name, if available.
type: keyword
source.user.group.domain:
description: Name of the directory the group is a member of. For example, an LDAP
or Active Directory domain name.
flat_name: source.user.group.domain
ignore_above: 1024
level: extended
name: domain
order: 2
original_fieldset: user
short: Name of the directory the group is a member of. For example, an LDAP or Active
Directory domain name.
type: keyword
source.user.group.id:
description: Unique identifier for the group on the system/platform.
flat_name: source.user.group.id
Expand Down Expand Up @@ -3782,6 +3853,18 @@ user.full_name:
order: 2
short: User's full name, if available.
type: keyword
user.group.domain:
description: Name of the directory the group is a member of. For example, an LDAP
or Active Directory domain name.
flat_name: user.group.domain
ignore_above: 1024
level: extended
name: domain
order: 2
original_fieldset: group
short: Name of the directory the group is a member of. For example, an LDAP or Active
Directory domain name.
type: keyword
user.group.id:
description: Unique identifier for the group on the system/platform.
flat_name: user.group.id
Expand Down
Loading