Clarify absolute path, add missing process arg in example

elastic · Dec 3, 2018 · 67e4030 · 67e4030
1 parent 96feb62
commit 67e4030
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 7 deletions.
diff --git a/README.md b/README.md
@@ -340,8 +340,8 @@ These fields contain information about a process. These fields can help you corr
 | <a name="process.pid"></a>process.pid | Process id. | core | long |  |
 | <a name="process.name"></a>process.name | Process name.<br/>Sometimes called program name or similar. | extended | keyword | `ssh` |
 | <a name="process.ppid"></a>process.ppid | Process parent id. | extended | long |  |
-| <a name="process.args"></a>process.args | Process arguments.<br/>May be filtered to protect sensitive information. | extended | keyword | `['-l', 'user', '10.0.0.16']` |
-| <a name="process.executable"></a>process.executable | Full path to the process executable. | extended | keyword | `/usr/bin/ssh` |
+| <a name="process.args"></a>process.args | Process arguments.<br/>May be filtered to protect sensitive information. | extended | keyword | `['ssh', '-l', 'user', '10.0.0.16']` |
+| <a name="process.executable"></a>process.executable | Absolute path to the process executable. | extended | keyword | `/usr/bin/ssh` |
 | <a name="process.title"></a>process.title | Process title.<br/>The proctitle, some times the same as process name. Can also be different: for example a browser setting its title to the web page currently opened. | extended | keyword |  |
 
 

diff --git a/fields.yml b/fields.yml
@@ -993,13 +993,13 @@
             Process arguments.
     
             May be filtered to protect sensitive information.
-          example: ["-l", "user", "10.0.0.16"]
+          example: ["ssh", "-l", "user", "10.0.0.16"]
 
         - name: executable
           level: extended
           type: keyword
           description: >
-            Full path to the process executable.
+            Absolute path to the process executable.
           example: /usr/bin/ssh
 
         - name: title

diff --git a/schema.csv b/schema.csv
@@ -100,7 +100,7 @@ os.kernel,keyword,extended,4.4.0-112-generic
 os.name,keyword,extended,Mac OS X
 os.platform,keyword,extended,darwin
 os.version,keyword,extended,10.12.6-rc2
-process.args,keyword,extended,"['-l', 'user', '10.0.0.16']"
+process.args,keyword,extended,"['ssh', '-l', 'user', '10.0.0.16']"
 process.executable,keyword,extended,/usr/bin/ssh
 process.name,keyword,extended,ssh
 process.pid,long,core,

diff --git a/schemas/process.yml b/schemas/process.yml
@@ -39,13 +39,13 @@
         Process arguments.
 
         May be filtered to protect sensitive information.
-      example: ["-l", "user", "10.0.0.16"]
+      example: ["ssh", "-l", "user", "10.0.0.16"]
 
     - name: executable
       level: extended
       type: keyword
       description: >
-        Full path to the process executable.
+        Absolute path to the process executable.
       example: /usr/bin/ssh
 
     - name: title