Operating System Fields
editOperating System Fields
editThe OS fields contain information about the operating system.
Operating System Field Details
edit| Field | Description | Level |
|---|---|---|
os.family |
OS family (such as redhat, debian, freebsd, windows). type: keyword example: |
extended |
os.full |
Operating system name, including the version or code name. type: keyword Multi-fields: * os.full.text (type: text) example: |
extended |
os.kernel |
Operating system kernel version as a raw string. type: keyword example: |
extended |
os.name |
Operating system name, without the version. type: keyword Multi-fields: * os.name.text (type: text) example: |
extended |
os.platform |
Operating system platform (such centos, ubuntu, windows). type: keyword example: |
extended |
os.version |
Operating system version as a raw string. type: keyword example: |
extended |
Field Reuse
editThe os fields are expected to be nested at: host.os, observer.os, user_agent.os.
Note also that the os fields are not expected to be used directly at the root of the events.