Format port numbers and numeric IDs as strings (#454)

Changes the display format of things like port numbers and PIDs to string where appropriate. Changed fields are:

client.port
destination.port
event.severity
event.sequence
http.response.status_code
process.pid
process.ppid
process.pgid
process.thread.id
server.port
source.port
url.port

CHANGELOG.next.md

@@ -19,6 +19,7 @@
 
 ### Improvements
 
+* Format port numbers and numeric IDs as strings. #454
 * Added examples and improved definitions of many `file` fields. #441
 
 ### Deprecated

generated/beats/fields.ecs.yml

@@ -223,6 +223,7 @@
     - name: port
       level: core
       type: long
+      format: string
       description: Port of the client.
     - name: user.email
       level: extended
@@ -463,6 +464,7 @@
     - name: port
       level: core
       type: long
+      format: string
       description: Port of the destination.
     - name: user.email
       level: extended
@@ -719,13 +721,15 @@
     - name: sequence
       level: extended
       type: long
+      format: string
       description: 'Sequence number of the event.
 
         The sequence number is a value published by some event sources, to make the
         exact ordering of events unambiguous, regarless of the timestamp precision.'
     - name: severity
       level: core
       type: long
+      format: string
       description: Severity describes the original severity of the event. What the
         different severity values mean can very different between use cases. It's
         up to the implementer to make sure severities are consistent across events.
@@ -1201,6 +1205,7 @@
     - name: response.status_code
       level: extended
       type: long
+      format: string
       description: HTTP response status code.
       example: 404
     - name: version
@@ -1592,14 +1597,17 @@
     - name: pgid
       level: extended
       type: long
+      format: string
       description: Identifier of the group of processes the process belongs to.
     - name: pid
       level: core
       type: long
+      format: string
       description: Process id.
     - name: ppid
       level: extended
       type: long
+      format: string
       description: Process parent id.
     - name: start
       level: extended
@@ -1609,6 +1617,7 @@
     - name: thread.id
       level: extended
       type: long
+      format: string
       description: Thread ID.
       example: 4242
     - name: title
@@ -1758,6 +1767,7 @@
     - name: port
       level: core
       type: long
+      format: string
       description: Port of the server.
     - name: user.email
       level: extended
@@ -1972,6 +1982,7 @@
     - name: port
       level: core
       type: long
+      format: string
       description: Port of the source.
     - name: user.email
       level: extended
@@ -2069,6 +2080,7 @@
     - name: port
       level: extended
       type: long
+      format: string
       description: Port of the request, such as 443.
       example: 443
     - name: query

generated/ecs/ecs_flat.yml

@@ -237,6 +237,7 @@ client.packets:
 client.port:
   description: Port of the client.
   flat_name: client.port
+  format: string
   level: core
   name: port
   order: 2
@@ -603,6 +604,7 @@ destination.packets:
 destination.port:
   description: Port of the destination.
   flat_name: destination.port
+  format: string
   level: core
   name: port
   order: 2
@@ -954,6 +956,7 @@ event.sequence:
     The sequence number is a value published by some event sources, to make the exact
     ordering of events unambiguous, regarless of the timestamp precision.'
   flat_name: event.sequence
+  format: string
   level: extended
   name: sequence
   order: 14
@@ -965,6 +968,7 @@ event.severity:
     to make sure severities are consistent across events.
   example: '7'
   flat_name: event.severity
+  format: string
   level: core
   name: severity
   order: 10
@@ -1684,6 +1688,7 @@ http.response.status_code:
   description: HTTP response status code.
   example: 404
   flat_name: http.response.status_code
+  format: string
   level: extended
   name: response.status_code
   order: 3
@@ -2250,6 +2255,7 @@ process.name:
 process.pgid:
   description: Identifier of the group of processes the process belongs to.
   flat_name: process.pgid
+  format: string
   level: extended
   name: pgid
   order: 3
@@ -2259,6 +2265,7 @@ process.pid:
   description: Process id.
   exmple: ssh
   flat_name: process.pid
+  format: string
   level: core
   name: pid
   order: 0
@@ -2267,6 +2274,7 @@ process.pid:
 process.ppid:
   description: Process parent id.
   flat_name: process.ppid
+  format: string
   level: extended
   name: ppid
   order: 2
@@ -2285,6 +2293,7 @@ process.thread.id:
   description: Thread ID.
   example: 4242
   flat_name: process.thread.id
+  format: string
   level: extended
   name: thread.id
   order: 7
@@ -2477,6 +2486,7 @@ server.packets:
 server.port:
   description: Port of the server.
   flat_name: server.port
+  format: string
   level: core
   name: port
   order: 2
@@ -2801,6 +2811,7 @@ source.packets:
 source.port:
   description: Port of the source.
   flat_name: source.port
+  format: string
   level: core
   name: port
   order: 2
@@ -2964,6 +2975,7 @@ url.port:
   description: Port of the request, such as 443.
   example: 443
   flat_name: url.port
+  format: string
   level: extended
   name: port
   order: 4

generated/ecs/ecs_nested.yml

@@ -327,6 +327,7 @@ client:
     port:
       description: Port of the client.
       flat_name: client.port
+      format: string
       level: core
       name: port
       order: 2
@@ -734,6 +735,7 @@ destination:
     port:
       description: Port of the destination.
       flat_name: destination.port
+      format: string
       level: core
       name: port
       order: 2
@@ -1130,6 +1132,7 @@ event:
         The sequence number is a value published by some event sources, to make the
         exact ordering of events unambiguous, regarless of the timestamp precision.'
       flat_name: event.sequence
+      format: string
       level: extended
       name: sequence
       order: 14
@@ -1141,6 +1144,7 @@ event:
         up to the implementer to make sure severities are consistent across events.
       example: '7'
       flat_name: event.severity
+      format: string
       level: core
       name: severity
       order: 10
@@ -1940,6 +1944,7 @@ http:
       description: HTTP response status code.
       example: 404
       flat_name: http.response.status_code
+      format: string
       level: extended
       name: response.status_code
       order: 3
@@ -2562,6 +2567,7 @@ process:
     pgid:
       description: Identifier of the group of processes the process belongs to.
       flat_name: process.pgid
+      format: string
       level: extended
       name: pgid
       order: 3
@@ -2571,6 +2577,7 @@ process:
       description: Process id.
       exmple: ssh
       flat_name: process.pid
+      format: string
       level: core
       name: pid
       order: 0
@@ -2579,6 +2586,7 @@ process:
     ppid:
       description: Process parent id.
       flat_name: process.ppid
+      format: string
       level: extended
       name: ppid
       order: 2
@@ -2597,6 +2605,7 @@ process:
       description: Thread ID.
       example: 4242
       flat_name: process.thread.id
+      format: string
       level: extended
       name: thread.id
       order: 7
@@ -2830,6 +2839,7 @@ server:
     port:
       description: Port of the server.
       flat_name: server.port
+      format: string
       level: core
       name: port
       order: 2
@@ -3180,6 +3190,7 @@ source:
     port:
       description: Port of the source.
       flat_name: source.port
+      format: string
       level: core
       name: port
       order: 2
@@ -3347,6 +3358,7 @@ url:
       description: Port of the request, such as 443.
       example: 443
       flat_name: url.port
+      format: string
       level: extended
       name: port
       order: 4

schemas/client.yml

@@ -41,6 +41,7 @@
         Can be one or multiple IPv4 or IPv6 addresses.
 
     - name: port
+      format: string
       level: core
       type: long
       description: >

schemas/destination.yml

@@ -32,6 +32,7 @@
         Can be one or multiple IPv4 or IPv6 addresses.
 
     - name: port
+      format: string
       level: core
       type: long
       description: >

schemas/event.yml

@@ -143,6 +143,7 @@
       example: kernel
 
     - name: severity
+      format: string
       level: core
       type: long
       example: "7"
@@ -195,6 +196,7 @@
         difference between the end and start time.
 
     - name: sequence
+      format: string
       level: extended
       type: long
       short: Sequence number of the event.

schemas/http.yml

@@ -34,6 +34,7 @@
       example: https://blog.example.com/
 
     - name: response.status_code
+      format: string
       level: extended
       type: long
       description: >

schemas/process.yml

@@ -13,6 +13,7 @@
   fields:
 
     - name: pid
+      format: string
       level: core
       type: long
       description: >
@@ -30,12 +31,14 @@
       example: ssh
 
     - name: ppid
+      format: string
       level: extended
       type: long
       description: >
         Process parent id.
 
     - name: pgid
+      format: string
       level: extended
       type: long
       description: >
@@ -69,6 +72,7 @@
         for example a browser setting its title to the web page currently opened.
 
     - name: thread.id
+      format: string
       level: extended
       type: long
       example: 4242

schemas/server.yml

@@ -41,6 +41,7 @@
         Can be one or multiple IPv4 or IPv6 addresses.
 
     - name: port
+      format: string
       level: core
       type: long
       description: >

schemas/source.yml

@@ -32,6 +32,7 @@
         Can be one or multiple IPv4 or IPv6 addresses.
 
     - name: port
+      format: string
       level: core
       type: long
       description: >

schemas/url.yml

@@ -55,6 +55,7 @@
       example: www.elastic.co
 
     - name: port
+      format: string
       level: extended
       type: long
       description: >