description: 'Each document has an _id that uniquely identifies it',
153
177
example: 'Y-6TfmcB0WOhS6qyMv3s',
154
178
name: '_id',
155
179
type: 'string',
156
180
searchable: true,
157
181
aggregatable: false,
158
182
readFromDocValues: false,
159
-
category: 'base',
160
-
indexes: ['auditbeat'],
161
183
esTypes: [],
184
+
indexes: ['auditbeat'],
162
185
},
163
186
{
187
+
category: 'base',
164
188
description:
165
189
'An index is like a ‘database’ in a relational database. It has a mapping which defines multiple types. An index is a logical namespace which maps to one or more primary shards and can have zero or more replica shards.',
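Review bot: In the `_id` entry, `category: 'base'` and `indexes: ['auditbeat']` are deleted after `aggregatable: false`, and `indexes: ['auditbeat']` is re-added after `esTypes: []` with the same value, so the visible change is key reordering only (the `category: 'base'` added after the opening `{` belongs to the next object). If this file is generated output, say so in the commit message. Otherwise consider landing the reorder on its own, so that real value changes to these field definitions stay easy to spot in review.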
'Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events.',
179
203
example: '2016-05-23T08:05:34.853Z',
180
204
name: '@timestamp',
181
205
type: 'date',
182
206
searchable: true,
183
207
aggregatable: true,
184
-
category: 'base',
185
-
indexes: ['auditbeat'],
186
208
readFromDocValues: true,
187
209
esTypes: [],
210
+
indexes: ['auditbeat'],
188
211
},
189
212
{
213
+
category: 'agent',
190
214
description:
191
215
'Ephemeral identifier of this agent (if one exists). This id normally changes across restarts, but `agent.id` does not.',
192
216
example: '8a4f500f',
193
217
name: 'agent.ephemeral_id',
194
218
type: 'string',
195
219
searchable: true,
196
220
aggregatable: true,
197
-
category: 'agent',
198
-
indexes: ['auditbeat'],
199
221
readFromDocValues: false,
200
222
esTypes: [],
223
+
indexes: ['auditbeat'],
201
224
},
202
225
{
226
+
category: 'agent',
203
227
description:
204
228
'Custom name of the agent. This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. If no name is given, the name is often left empty.',
205
229
example: 'foo',
206
230
name: 'agent.name',
207
231
type: 'string',
208
232
searchable: true,
209
233
aggregatable: true,
210
-
category: 'agent',
211
-
indexes: ['auditbeat'],
212
234
readFromDocValues: false,
213
235
esTypes: [],
236
+
indexes: ['auditbeat'],
214
237
},
215
238
{
239
+
category: 'agent',
216
240
description:
217
241
'Type of the agent. The agent type stays always the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine.',
218
242
example: 'filebeat',
219
243
name: 'agent.type',
220
244
type: 'string',
221
245
searchable: true,
222
246
aggregatable: true,
223
-
category: 'agent',
224
-
indexes: ['auditbeat'],
225
247
readFromDocValues: false,
226
248
esTypes: [],
249
+
indexes: ['auditbeat'],
227
250
},
228
251
{
252
+
category: 'agent',
229
253
description: 'Version of the agent.',
230
254
example: '6.0.0-rc2',
231
255
name: 'agent.version',
232
256
type: 'string',
233
257
searchable: true,
234
258
aggregatable: true,
259
+
readFromDocValues: false,
260
+
esTypes: [],
261
+
indexes: ['auditbeat'],
262
+
},
263
+
{
235
264
category: 'agent',
265
+
name: 'agent.user.name',
266
+
searchable: true,
267
+
type: 'string',
268
+
aggregatable: true,
269
+
readFromDocValues: false,
270
+
esTypes: [],
236
271
indexes: ['auditbeat'],
272
+
},
273
+
{
274
+
category: 'client',
275
+
description:
276
+
'Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet.',
277
+
example: 15169,
278
+
name: 'client.as.number.text',
279
+
type: 'string',
280
+
searchable: true,
281
+
aggregatable: true,
237
282
readFromDocValues: false,
238
283
esTypes: [],
284
+
indexes: ['auditbeat'],
239
285
},
240
286
{
287
+
category: 'base',
241
288
description: 'Each document has an _id that uniquely identifies it',
242
289
example: 'Y-6TfmcB0WOhS6qyMv3s',
243
290
name: '_id',
244
291
type: 'string',
245
292
searchable: true,
246
293
aggregatable: false,
247
-
category: 'base',
248
-
indexes: ['filebeat'],
249
294
readFromDocValues: false,
250
295
esTypes: [],
296
+
indexes: ['filebeat'],
251
297
},
252
298
{
299
+
category: 'base',
253
300
description:
254
301
'An index is like a ‘database’ in a relational database. It has a mapping which defines multiple types. An index is a logical namespace which maps to one or more primary shards and can have zero or more replica shards.',
255
302
example: 'auditbeat-8.0.0-2019.02.19-000001',
256
303
name: '_index',
257
304
type: 'string',
258
305
searchable: true,
259
306
aggregatable: true,
260
-
category: 'base',
261
-
indexes: ['filebeat'],
262
307
readFromDocValues: false,
263
308
esTypes: [],
309
+
indexes: ['filebeat'],
264
310
},
265
311
{
312
+
category: 'base',
266
313
description:
267
314
'Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events.',
268
315
example: '2016-05-23T08:05:34.853Z',
269
316
name: '@timestamp',
270
317
type: 'date',
271
318
searchable: true,
272
319
aggregatable: true,
273
-
category: 'base',
274
-
indexes: ['filebeat'],
275
320
readFromDocValues: true,
276
321
esTypes: [],
322
+
indexes: ['filebeat'],
277
323
},
278
324
{
325
+
category: 'agent',
279
326
description:
280
327
'Deprecated - use agent.name or agent.id to identify an agent. Hostname of the agent. ',
281
328
name: 'agent.hostname',
282
-
searchable: true,
283
329
type: 'string',
330
+
searchable: true,
284
331
aggregatable: true,
285
-
category: 'agent',
286
-
indexes: ['filebeat'],
287
332
readFromDocValues: false,
288
333
esTypes: [],
334
+
indexes: ['filebeat'],
289
335
},
290
336
{
337
+
category: 'agent',
291
338
description:
292
339
'Custom name of the agent. This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. If no name is given, the name is often left empty.',
293
340
example: 'foo',
294
341
name: 'agent.name',
295
342
type: 'string',
296
343
searchable: true,
297
344
aggregatable: true,
298
-
category: 'agent',
299
-
indexes: ['filebeat'],
300
345
readFromDocValues: false,
301
346
esTypes: [],
347
+
indexes: ['filebeat'],
302
348
},
303
349
{
350
+
category: 'agent',
304
351
description: 'Version of the agent.',
305
352
example: '6.0.0-rc2',
306
353
name: 'agent.version',
307
354
type: 'string',
308
355
searchable: true,
309
356
aggregatable: true,
310
-
category: 'agent',
311
-
indexes: ['filebeat'],
312
357
readFromDocValues: false,
313
358
esTypes: [],
359
+
indexes: ['filebeat'],
314
360
},
315
361
{
362
+
category: 'base',
316
363
description: 'Each document has an _id that uniquely identifies it',
317
364
example: 'Y-6TfmcB0WOhS6qyMv3s',
318
365
name: '_id',
319
366
type: 'string',
320
367
searchable: true,
321
368
aggregatable: false,
322
-
category: 'base',
323
-
indexes: ['packetbeat'],
324
369
readFromDocValues: false,
325
370
esTypes: [],
371
+
indexes: ['packetbeat'],
326
372
},
327
373
{
374
+
category: 'base',
328
375
description:
329
376
'An index is like a ‘database’ in a relational database. It has a mapping which defines multiple types. An index is a logical namespace which maps to one or more primary shards and can have zero or more replica shards.',
330
377
example: 'auditbeat-8.0.0-2019.02.19-000001',
331
378
name: '_index',
332
379
type: 'string',
333
380
searchable: true,
334
381
aggregatable: true,
335
-
category: 'base',
336
-
indexes: ['packetbeat'],
337
382
readFromDocValues: false,
338
383
esTypes: [],
384
+
indexes: ['packetbeat'],
339
385
},
340
386
{
387
+
category: 'base',
341
388
description:
342
389
'Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events.',
343
390
example: '2016-05-23T08:05:34.853Z',
344
391
name: '@timestamp',
345
392
type: 'date',
346
393
searchable: true,
347
394
aggregatable: true,
348
-
category: 'base',
349
-
indexes: ['packetbeat'],
350
395
readFromDocValues: true,
351
396
esTypes: [],
397
+
indexes: ['packetbeat'],
352
398
},
353
399
{
400
+
category: 'agent',
354
401
description:
355
402
'Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id.',
356
403
example: '8a4f500d',
357
404
name: 'agent.id',
358
405
type: 'string',
359
406
searchable: true,
360
407
aggregatable: true,
361
-
category: 'agent',
362
-
indexes: ['packetbeat'],
363
408
readFromDocValues: false,
364
409
esTypes: [],
410
+
indexes: ['packetbeat'],
365
411
},
366
412
{
413
+
category: 'agent',
367
414
description:
368
415
'Type of the agent. The agent type stays always the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine.',
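Review bot: The new `client.as.number.text` entry declares `type: 'string'` but gives `example: 15169` as a bare number, while the other string fields in this hunk quote their examples (`example: 'foo'`, `example: '8a4f500f'`). Quote the value, or confirm that whatever consumes these definitions accepts a numeric example for a string field. The new `agent.user.name` entry just above it carries no `description` or `example`, unlike the neighbouring agent fields. Add them, or state that they are intentionally absent. The `agent.hostname` entry also swaps the order of `searchable` and `type` with no value change, which adds noise to an already large reorder.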