- Auditbeat Reference: other versions:
- Overview
- Getting started with Auditbeat
- Breaking changes in 6.2
- Setting up and running Auditbeat
- Configuring Auditbeat
- Specify which modules to run
- Specify general settings
- Reload the configuration dynamically
- Configure the internal queue
- Configure the output
- Set up index lifecycle management
- Specify SSL settings
- Filter and enhance the exported data
- Parse data by using ingest node
- Enrich events with geoIP information
- Set up project paths
- Set up the Kibana endpoint
- Load the Kibana dashboards
- Load the Elasticsearch index template
- Configure logging
- Use environment variables in the configuration
- YAML tips and gotchas
- Regular expression support
- HTTP Endpoint
- auditbeat.reference.yml
- Modules
- Exported fields
- Monitoring Auditbeat
- Securing Auditbeat
- Troubleshooting
- Contributing to Beats
NOTE: You are looking at documentation for an older release. For the latest information, see the current release documentation.
Host fields
editHost fields
editInfo collected for the host machine.
-
host.name -
type: keyword
Hostname.
-
host.id -
type: keyword
Unique host id.
-
host.architecture -
type: keyword
Host architecture (e.g. x86_64, arm, ppc, mips).
-
host.containerized -
type: boolean
If the host is a container.
-
host.os.platform -
type: keyword
OS platform (e.g. centos, ubuntu, windows).
-
host.os.name -
type: keyword
Operating system name (e.g. "Mac OS X").
-
host.os.build -
type: keyword
OS build information (e.g. "18D109").
-
host.os.version -
type: keyword
OS version.
-
host.os.family -
type: keyword
OS family (e.g. redhat, debian, freebsd, windows).
-
host.ip -
type: ip
List of IP-addresses.
-
host.mac -
type: keyword
List of hardware-addresses, usually MAC-addresses.
Was this helpful?
Thank you for your feedback.