IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.

« Geo Fields Host Fields »

› ›

Group Fields

edit

Group Fields

edit

The group fields are meant to represent groups that are relevant to the event.

Group Field Details

edit

Field	Description	Level
group.id	Unique identifier for the group on the system/platform. type: keyword	extended
group.name	Name of the group. type: keyword	extended

Field

Description

Level

group.id

Unique identifier for the group on the system/platform.

type: keyword

extended

group.name

Name of the group.

type: keyword

extended

Field Reuse

edit

The group fields are expected to be nested at: user.group.

Note also that the group fields may be used directly at the top level.

« Geo Fields Host Fields »