IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Group Fields
editGroup Fields
editThe group fields are meant to represent groups that are relevant to the event.
Group Field Details
editField | Description | Level |
---|---|---|
Name of the directory the group is a member of. For example, an LDAP or Active Directory domain name. type: keyword |
extended |
|
Unique identifier for the group on the system/platform. type: keyword |
extended |
|
Name of the group. type: keyword |
extended |
Field Reuse
editThe group
fields are expected to be nested at: user.group
.
Note also that the group
fields may be used directly at the root of the events.