forked from elastic/ecs
source.yml
---
- name: source
  title: Source
  group: 2
  short: Fields about the source side of a network connection, used with destination.
  description: >
    Source fields describe details about the source of a packet/event.

    Source fields are usually populated in conjunction with destination fields.
  type: group
  fields:
    - name: address
      level: extended
      type: keyword
      short: Source network address.
      description: >
        Some event source addresses are defined ambiguously. The event will
        sometimes list an IP, a domain or a unix socket. You should always
        store the raw address in the `.address` field.

        Then it should be duplicated to `.ip` or `.domain`, depending on which
        one it is.

    - name: ip
      level: core
      type: ip
      short: IP address of the source.
      description: >
        IP address of the source.

        Can be one or multiple IPv4 or IPv6 addresses.

    - name: port
      format: string
      level: core
      type: long
      description: >
        Port of the source.

    - name: mac
      level: core
      type: keyword
      description: >
        MAC address of the source.

    - name: domain
      level: core
      type: keyword
      description: >
        Source domain.

    # Metrics
    - name: bytes
      format: bytes
      level: core
      type: long
      example: 184
      description: >
        Bytes sent from the source to the destination.

    - name: packets
      level: core
      type: long
      example: 12
      description: >
        Packets sent from the source to the destination.
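The `address` description above states a normalisation rule (keep the raw value in `source.address`, then copy it to `source.ip` or `source.domain` depending on what it is). The following is an added example, not code from elastic/ecs, that applies that rule to the three ambiguous forms the schema mentions; the `host:port` splitting and the treatment of paths starting with `/` or `@` as unix sockets are this example's own assumptions.

```python
import ipaddress
from typing import Any, Dict, Optional, Tuple

# Added example (not part of elastic/ecs): build the ECS "source" object
# from a raw address. Field names (address, ip, domain, port, bytes,
# packets) follow source.yml; the parsing rules below are assumptions.


def split_host_port(raw: str) -> Tuple[str, Optional[int]]:
    """Split 'host:port' or '[v6]:port'; bare IPv6 and bare hosts pass through."""
    if raw.startswith("["):                      # bracketed IPv6 literal
        host, _, rest = raw[1:].partition("]")
        if rest.startswith(":") and rest[1:].isdigit():
            return host, int(rest[1:])
        return host, None
    if raw.count(":") == 1:                      # IPv4-or-domain ':' port
        host, port = raw.rsplit(":", 1)
        if port.isdigit():
            return host, int(port)
    return raw, None                             # bare IPv6, bare host, or junk


def ecs_source(raw: str, bytes_sent: Optional[int] = None,
               packets: Optional[int] = None) -> Dict[str, Any]:
    """Return the ECS 'source' object for one raw source address."""
    source: Dict[str, Any] = {"address": raw}    # always keep the raw form
    if raw.startswith(("/", "@")):               # unix socket (assumed): no ip/domain
        return source
    host, port = split_host_port(raw)
    if port is not None:
        source["port"] = port                    # type: long in source.yml
    try:
        source["ip"] = str(ipaddress.ip_address(host))   # IPv4 or IPv6 literal
    except ValueError:
        source["domain"] = host.rstrip(".").lower()      # not an IP: a domain
    if bytes_sent is not None:
        source["bytes"] = bytes_sent
    if packets is not None:
        source["packets"] = packets
    return source


# Constructed sample inputs covering IP, domain and unix socket forms.
SAMPLES = ["10.0.0.5:49152", "[2001:db8::1]:443",
           "mail.example.org", "/var/run/docker.sock"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(ecs_source(sample))
```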