Cloud Fields

edit

Fields related to the cloud or infrastructure the events are coming from.

Cloud Field Details

edit
Field Description Level

cloud.account.id

The cloud account or organization id used to identify different entities in a multi-tenant environment.

Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.

type: keyword

example: 666777888999

extended

cloud.account.name

The cloud account name or alias used to identify different entities in a multi-tenant environment.

Examples: AWS account name, Google Cloud ORG display name.

type: keyword

example: elastic-dev

extended

cloud.availability_zone

Availability zone in which this host, resource, or service is located.

type: keyword

example: us-east-1c

extended

cloud.instance.id

Instance ID of the host machine.

type: keyword

example: i-1234567890abcdef0

extended

cloud.instance.name

Instance name of the host machine.

type: keyword

extended

cloud.machine.type

Machine type of the host machine.

type: keyword

example: t2.medium

extended

cloud.project.id

The cloud project identifier.

Examples: Google Cloud Project id, Azure Project id.

type: keyword

example: my-project

extended

cloud.project.name

The cloud project name.

Examples: Google Cloud Project name, Azure Project name.

type: keyword

example: my project

extended

cloud.provider

Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.

type: keyword

example: aws

extended

cloud.region

Region in which this host, resource, or service is located.

type: keyword

example: us-east-1

extended

cloud.service.name

The cloud service name is intended to distinguish services running on different platforms within a provider, eg AWS EC2 vs Lambda, GCP GCE vs App Engine, Azure VM vs App Server.

Examples: app engine, app service, cloud run, fargate, lambda.

type: keyword

example: lambda

extended