Introducing the allowed values for the categorization fields #691

Open
3 of 6 tasks
webmat opened this issue Dec 11, 2019 · 5 comments

Contributor

webmat commented Dec 11, 2019

This issue is meant to track the work required to introduce the mandated values for the currently reserved fields (event.kind, event.category, event.type, event.outcome).

This public document lists all values being considered: https://ela.st/ecs-categories-draft. Please note that the plan is to introduce the most well understood and stable subset of these values for ECS 1.4, and continue working to release additional official values in future releases. The community's feedback and comments are welcome.

Introduction for ECS 1.4

Follow-up work

  • Output accepted values to a new file values.csv
  • Allow for a free form asciidoc section for examples, at the bottom of each of the "Accepted Values" pages
  • Introduce a diagram like Ross suggested in this comment to make the hierarchy more visual
webmat added the meta label Dec 11, 2019
webmat changed the title from "Introducing the mandated values for the categorization fields" to "Introducing the accepted values for the categorization fields" Dec 12, 2019
Contributor Author

webmat commented Dec 13, 2019

Added the public feedback document (https://ela.st/ecs-categories-draft) to the body of the pull request.

webmat changed the title from "Introducing the accepted values for the categorization fields" to "Introducing the allowed values for the categorization fields" Dec 17, 2019

enotspe commented Dec 18, 2019

The difference between network and network_flow is not very clear. Or what could be a network-only event and not a network_flow event?

Contributor Author

webmat commented Dec 18, 2019

@enotspe That's why these specific values are not out yet. They're some of the most important ones we still have to finish clarifying (hence the gradual release of these values).

By the way, this public doc is meant to accept comments from everyone. Could you confirm whether you're allowed to comment on it? You don't need to actually enter a comment, just want to double check that permissions are correctly set :-)


enotspe commented Dec 20, 2019

@webmat Yes, I can see and comment on the doc. Should we comment there instead of here?

Contributor Author

webmat commented Dec 24, 2019

@enotspe Yes, you can comment in there, especially around the still unpublished values.

My recommendation for feedback would be:

  • any comment very specific to what's currently published in the official ECS docs on www.elastic.co should be via a GitHub issue or PR
  • any general comment on the general approach, future values, missing values, etc. should for now be on the public feedback document.
