forked from elastic/ecs
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathurl.yml
103 lines (87 loc) · 2.97 KB
/
url.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
---
- name: url
title: URL
short: Fields that let you store URLs in various forms.
description: >
URL fields provide support for complete or partial URLs, and supports the
breaking down into scheme, domain, path, and so on.
type: group
fields:
- name: original
level: extended
type: keyword
short: Unmodified original url as seen in the event source.
description: >
Unmodified original url as seen in the event source.
Note that in network monitoring, the observed URL may be a full URL,
whereas in access logs, the URL is often just represented as a path.
This field is meant to represent the URL as it was observed, complete
or not.
example: >
https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch
- name: full
level: extended
type: keyword
short: Full unparsed URL.
description: >
If full URLs are important to your use case, they should be stored in
`url.full`, whether this field is reconstructed or present in the
event source.
example: https://www.elastic.co:443/search?q=elasticsearch#top
- name: scheme
level: extended
type: keyword
short: Scheme of the url.
description: >
Scheme of the request, such as "https".
Note: The `:` is not part of the scheme.
example: https
- name: domain
level: extended
type: keyword
short: Domain of the url.
description: >
Domain of the url, such as "www.elastic.co".
In some cases a URL may refer to an IP and/or port directly, without a
domain name. In this case, the IP address would go to the `domain` field.
example: www.elastic.co
- name: port
format: string
level: extended
type: long
description: >
Port of the request, such as 443.
example: 443
- name: path
level: extended
type: keyword
description: >
Path of the request, such as "/search".
- name: query
level: extended
type: keyword
short: Query string of the request.
description: >
The query field describes the query string of the request,
such as "q=elasticsearch".
The `?` is excluded from the query string. If a URL contains
no `?`, there is no query field. If there is a `?` but no query,
the query field exists with an empty string. The `exists`
query can be used to differentiate between the two cases.
- name: fragment
level: extended
type: keyword
short: Portion of the url after the `#`.
description: >
Portion of the url after the `#`, such as "top".
The `#` is not part of the fragment.
- name: username
level: extended
type: keyword
description: >
Username of the request.
- name: password
level: extended
type: keyword
description: >
Password of the request.