Adds network.application.protocol

This is to help delineate between `network.protocol` like `tcp` and an `network.application.protocol` such as `http`.
elastic · Aug 13, 2018 · 382da23 · 382da23
1 parent 404be2e
commit 382da23
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -285,7 +285,8 @@ Fields related to network data.
 
 | Field  | Description  | Type  | Multi Field  | Example  |
 |---|---|---|---|---|
-| <a name="network.protocol"></a>network.protocol  | Network protocol name.  | keyword  |   | `http`  |
+| <a name="network.protocol"></a>network.protocol  | Network protocol name.  | keyword  |   | `tcp`  |
+| <a name="network.application.protocol"></a>network.application.protocol  | Application protocol name.  | keyword  |   | `http`  |
 | <a name="network.direction"></a>network.direction  | Direction of the network traffic.<br/>Recommended values are:<br/>  * inbound<br/>  * outbound<br/>  * unknown  | keyword  |   | `inbound`  |
 | <a name="network.forwarded_ip"></a>network.forwarded_ip  | Host IP address when the source IP address is the proxy.  | ip  |   | `192.1.1.2`  |
 | <a name="network.inbound.bytes"></a>network.inbound.bytes  | Network inbound bytes.  | long  |   | `184`  |

diff --git a/schema.csv b/schema.csv
@@ -93,13 +93,14 @@ log.level,keyword,0,ERR
 log.line,long,0,18
 log.message,keyword,1,Sep 19 08:26:10 localhost My log
 log.offset,long,0,12
+network.application.protocol,keyword,0,http
 network.direction,keyword,0,inbound
 network.forwarded_ip,ip,0,192.1.1.2
 network.inbound.bytes,long,0,184
 network.inbound.packets,long,0,12
 network.outbound.bytes,long,0,184
 network.outbound.packets,long,0,12
-network.protocol,keyword,0,http
+network.protocol,keyword,0,tcp
 network.total.bytes,long,0,368
 network.total.packets,long,0,24
 organization.id,keyword,0,

diff --git a/schemas/network.yml b/schemas/network.yml
@@ -9,6 +9,11 @@
       type: keyword
       description: >
         Network protocol name.
+      example: tcp
+    - name: application.protocol
+      type: keyword
+      description: >
+        Application protocol name.
       example: http
     - name: direction
       type: keyword

diff --git a/template.json b/template.json
@@ -492,6 +492,14 @@
         },
         "network": {
           "properties": {
+            "application": {
+              "properties": {
+                "protocol": {
+                  "ignore_above": 1024,
+                  "type": "keyword"
+                }
+              }
+            },
             "direction": {
               "ignore_above": 1024,
               "type": "keyword"
@@ -655,6 +663,7 @@
           "properties": {
             "certificates": {
               "doc_values": false,
+              "ignore_above": 1024,
               "type": "keyword"
             },
             "ciphersuite": {