[8.7] Description for host.name updated (FQDN issue) (#2122)

* Description for host.name updated * build artifacts * changelog updated * moved changelog entry to 8.7 Co-authored-by: Karl Godard <[email protected]> Co-authored-by: Eric Beahan <[email protected]>
elastic · Jan 25, 2023 · 1794cfb · 1794cfb
1 parent 98309b9
commit 1794cfb
Show file tree

Hide file tree

Showing 9 changed files with 23 additions and 21 deletions.
diff --git a/CHANGELOG.next.md b/CHANGELOG.next.md
@@ -47,6 +47,7 @@ Thanks, you're awesome :-) -->
 #### Improvements
 
 * Updated usage docs to include `threat.indicator.url.domain` and changed `indicator.marking.tlp` and `indicator.enrichments.marking.tlp` from "WHITE" to "CLEAR" to align with TLP 2.0. #2124
+* description for `host.name` definition updated to encourage use of FDQN #2122
 
 
 <!-- All empty sections:

diff --git a/docs/fields/field-details.asciidoc b/docs/fields/field-details.asciidoc
@@ -5145,7 +5145,7 @@ example: `["00-00-5E-00-53-23", "00-00-5E-00-53-24"]`
 
 a| Name of the host.
 
-It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.
+It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host.
 
 type: keyword
 

diff --git a/experimental/generated/beats/fields.ecs.yml b/experimental/generated/beats/fields.ecs.yml
@@ -4066,9 +4066,9 @@
       ignore_above: 1024
       description: 'Name of the host.
 
-        It can contain what `hostname` returns on Unix systems, the fully qualified
-        domain name, or a name specified by the user. The sender decides which value
-        to use.'
+        It can contain what hostname returns on Unix systems, the fully qualified
+        domain name (FQDN), or a name specified by the user. The recommended value
+        is the lowercase FQDN of the host.'
     - name: network.egress.bytes
       level: extended
       type: long

diff --git a/experimental/generated/ecs/ecs_flat.yml b/experimental/generated/ecs/ecs_flat.yml
@@ -5814,8 +5814,9 @@ host.name:
   dashed_name: host-name
   description: 'Name of the host.
 
-    It can contain what `hostname` returns on Unix systems, the fully qualified domain
-    name, or a name specified by the user. The sender decides which value to use.'
+    It can contain what hostname returns on Unix systems, the fully qualified domain
+    name (FQDN), or a name specified by the user. The recommended value is the lowercase
+    FQDN of the host.'
   flat_name: host.name
   ignore_above: 1024
   level: core

diff --git a/experimental/generated/ecs/ecs_nested.yml b/experimental/generated/ecs/ecs_nested.yml
@@ -7217,9 +7217,9 @@ host:
       dashed_name: host-name
       description: 'Name of the host.
 
-        It can contain what `hostname` returns on Unix systems, the fully qualified
-        domain name, or a name specified by the user. The sender decides which value
-        to use.'
+        It can contain what hostname returns on Unix systems, the fully qualified
+        domain name (FQDN), or a name specified by the user. The recommended value
+        is the lowercase FQDN of the host.'
       flat_name: host.name
       ignore_above: 1024
       level: core

diff --git a/generated/beats/fields.ecs.yml b/generated/beats/fields.ecs.yml
@@ -4016,9 +4016,9 @@
       ignore_above: 1024
       description: 'Name of the host.
 
-        It can contain what `hostname` returns on Unix systems, the fully qualified
-        domain name, or a name specified by the user. The sender decides which value
-        to use.'
+        It can contain what hostname returns on Unix systems, the fully qualified
+        domain name (FQDN), or a name specified by the user. The recommended value
+        is the lowercase FQDN of the host.'
     - name: network.egress.bytes
       level: extended
       type: long

diff --git a/generated/ecs/ecs_flat.yml b/generated/ecs/ecs_flat.yml
@@ -5745,8 +5745,9 @@ host.name:
   dashed_name: host-name
   description: 'Name of the host.
 
-    It can contain what `hostname` returns on Unix systems, the fully qualified domain
-    name, or a name specified by the user. The sender decides which value to use.'
+    It can contain what hostname returns on Unix systems, the fully qualified domain
+    name (FQDN), or a name specified by the user. The recommended value is the lowercase
+    FQDN of the host.'
   flat_name: host.name
   ignore_above: 1024
   level: core

diff --git a/generated/ecs/ecs_nested.yml b/generated/ecs/ecs_nested.yml
@@ -7137,9 +7137,9 @@ host:
       dashed_name: host-name
       description: 'Name of the host.
 
-        It can contain what `hostname` returns on Unix systems, the fully qualified
-        domain name, or a name specified by the user. The sender decides which value
-        to use.'
+        It can contain what hostname returns on Unix systems, the fully qualified
+        domain name (FQDN), or a name specified by the user. The recommended value
+        is the lowercase FQDN of the host.'
       flat_name: host.name
       ignore_above: 1024
       level: core

diff --git a/schemas/host.yml b/schemas/host.yml
@@ -27,7 +27,6 @@
     Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.
   type: group
   fields:
-
     - name: hostname
       level: core
       type: keyword
@@ -44,9 +43,9 @@
       description: >
         Name of the host.
 
-        It can contain what `hostname` returns on Unix systems, the fully
-        qualified domain name, or a name specified by the user. The sender
-        decides which value to use.
+        It can contain what hostname returns on Unix systems, the fully
+        qualified domain name (FQDN), or a name specified by the user.
+        The recommended value is the lowercase FQDN of the host.
 
     - name: id
       level: core