- Elastic Common Schema (ECS) Reference: other versions:
- Overview
- Using ECS
- ECS Field Reference
- Base Fields
- Agent Fields
- Autonomous System Fields
- Client Fields
- Cloud Fields
- Container Fields
- Destination Fields
- DNS Fields
- ECS Fields
- Error Fields
- Event Fields
- File Fields
- Geo Fields
- Group Fields
- Hash Fields
- Host Fields
- HTTP Fields
- Log Fields
- Network Fields
- Observer Fields
- Organization Fields
- Operating System Fields
- Process Fields
- Related Fields
- Server Fields
- Service Fields
- Source Fields
- Tracing Fields
- URL Fields
- User Fields
- User agent Fields
- Migrating to ECS
- Additional Information
IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Group Fields
editGroup Fields
editThe group fields are meant to represent groups that are relevant to the event.
Group Field Details
edit| Field | Description | Level |
|---|---|---|
group.id |
Unique identifier for the group on the system/platform. type: keyword |
extended |
group.name |
Name of the group. type: keyword |
extended |
Field Reuse
editThe group fields are expected to be nested at: user.group.
Note also that the group fields may be used directly at the top level.
On this page
Was this helpful?
Thank you for your feedback.