ECS Field Reference
editECS Field Reference
editThis is the documentation of ECS version 1.0.1.
ECS defines multiple groups of related fields. They are called "field sets". The Base field set is the only one whose fields are defined at the root of the event.
All other field sets are defined as objects in Elasticsearch, under which all fields are defined.
Field Sets
edit| Field Set | Description |
|---|---|
All fields defined directly at the top level |
|
Fields about the monitoring agent. |
|
Fields about the client side of a network connection, used with server. |
|
Fields about the cloud resource. |
|
Fields describing the container that generated this event. |
|
Fields about the destination side of a network connection, used with source. |
|
Meta-information specific to ECS. |
|
Fields about errors of any kind. |
|
Fields breaking down the event details. |
|
Fields describing files. |
|
Fields describing a location. |
|
User’s group relevant to the event. |
|
Fields describing the relevant computing instance. |
|
Fields describing an HTTP request. |
|
Fields which are specific to log events. |
|
Fields describing the communication path over which the event happened. |
|
Fields describing an entity observing the event from outside the host. |
|
Fields describing the organization or company the event is associated with. |
|
OS fields contain information about the operating system. |
|
These fields contain information about a process. |
|
Fields meant to facilitate pivoting around a piece of data. |
|
Fields about the server side of a network connection, used with client. |
|
Fields describing the service for or from which the data was collected. |
|
Fields about the source side of a network connection, used with destination. |
|
Fields that let you store URLs in various forms. |
|
Fields to describe the user relevant to the event. |
|
Fields to describe a browser user_agent string. |