Add host.os.kernel field

host.os.kernel contains the raw kernel version. Example values: - linux: `4.4.0-112-generic` - windows: `6.3.9600.19000 (winblue_ltsb.180410-0600)` (taken from the FileVersion value on ntoskrnl.exe) - darwin: `16.7.0` Closes elastic#60
andrewkroh · Aug 3, 2018 · 6565f16 · 6565f16
1 parent 75a0ff4
commit 6565f16
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -318,6 +318,7 @@ The OS fields contain information about the operating system. These fields are o
 | <a name="os.name"></a>os.name  | Operating system name.  | keyword  |   | `Mac OS X`  |
 | <a name="os.family"></a>os.family  | OS family (such as redhat, debian, freebsd, windows).  | keyword  |   | `debian`  |
 | <a name="os.version"></a>os.version  | Operating system version as a raw string.  | keyword  |   | `10.12.6-rc2`  |
+| <a name="os.kernel"></a>os.kernel  | Operating system kernel version as a raw string.  | keyword  |   | `4.4.0-112-generic`  |
 
 
 ## <a name="process"></a> Process fields

diff --git a/schema.csv b/schema.csv
@@ -105,6 +105,7 @@ network.total.packets,long,0,24
 organization.id,keyword,0,
 organization.name,text,0,
 os.family,keyword,0,debian
+os.kernel,keyword,0,4.4.0-112-generic
 os.name,keyword,0,Mac OS X
 os.platform,keyword,0,darwin
 os.version,keyword,0,10.12.6-rc2

diff --git a/schemas/os.yml b/schemas/os.yml
@@ -25,3 +25,8 @@
       example: "10.12.6-rc2"
       description: >
         Operating system version as a raw string.
+    - name: kernel
+      type: keyword
+      example: "4.4.0-112-generic"
+      description: >
+        Operating system kernel version as a raw string.
diff --git a/template.json b/template.json
@@ -553,6 +553,10 @@
               "ignore_above": 1024,
               "type": "keyword"
             },
+            "kernel": {
+              "ignore_above": 1024,
+              "type": "keyword"
+            },
             "name": {
               "ignore_above": 1024,
               "type": "keyword"