diff --git a/CHANGELOG.next.md b/CHANGELOG.next.md
index 56bbd002f7..a2ee67d058 100644
--- a/CHANGELOG.next.md
+++ b/CHANGELOG.next.md
@@ -18,6 +18,7 @@ ### Improvements
+* Format port numbers and numeric IDs as strings. #454
 * Added examples and improved definitions of many `file` fields. #441 ### Deprecated
diff --git a/generated/beats/fields.ecs.yml b/generated/beats/fields.ecs.yml index 96aeedd30a..b229add3ca 100644 --- a/generated/beats/fields.ecs.yml +++ b/generated/beats/fields.ecs.yml @@ -223,6 +223,7 @@ - name: port level: core type: long + format: string description: Port of the client. - name: user.email level: extended @@ -463,6 +464,7 @@ - name: port level: core type: long + format: string description: Port of the destination. - name: user.email level: extended @@ -719,6 +721,7 @@ - name: sequence level: extended type: long + format: string description: 'Sequence number of the event. The sequence number is a value published by some event sources, to make the @@ -726,6 +729,7 @@ - name: severity level: core type: long + format: string description: Severity describes the original severity of the event. What the different severity values mean can very different between use cases. It's up to the implementer to make sure severities are consistent across events. @@ -1189,6 +1193,7 @@ - name: response.status_code level: extended type: long + format: string description: HTTP response status code. example: 404 - name: version @@ -1580,14 +1585,17 @@ - name: pgid level: extended type: long + format: string description: Identifier of the group of processes the process belongs to. - name: pid level: core type: long + format: string description: Process id. - name: ppid level: extended type: long + format: string description: Process parent id. - name: start level: extended @@ -1597,6 +1605,7 @@ - name: thread.id level: extended type: long + format: string description: Thread ID. example: 4242 - name: title
@@ -1746,6 +1755,7 @@ - name: port level: core type: long + format: string description: Port of the server. - name: user.email level: extended @@ -1960,6 +1970,7 @@ - name: port level: core type: long + format: string description: Port of the source. - name: user.email level: extended @@ -2057,6 +2068,7 @@ - name: port level: extended type: long + format: string description: Port of the request, such as 443. example: 443 - name: query diff --git a/generated/ecs/ecs_flat.yml b/generated/ecs/ecs_flat.yml index b297dd2401..8d45bfaab9 100644 --- a/generated/ecs/ecs_flat.yml +++ b/generated/ecs/ecs_flat.yml @@ -237,6 +237,7 @@ client.packets: client.port: description: Port of the client. flat_name: client.port + format: string level: core name: port order: 2 @@ -603,6 +604,7 @@ destination.packets: destination.port: description: Port of the destination. flat_name: destination.port + format: string level: core name: port order: 2 @@ -954,6 +956,7 @@ event.sequence: The sequence number is a value published by some event sources, to make the exact ordering of events unambiguous, regarless of the timestamp precision.' flat_name: event.sequence + format: string level: extended name: sequence order: 14 @@ -965,6 +968,7 @@ event.severity: to make sure severities are consistent across events. example: '7' flat_name: event.severity + format: string level: core name: severity order: 10 @@ -1664,6 +1668,7 @@ http.response.status_code: description: HTTP response status code. example: 404 flat_name: http.response.status_code + format: string level: extended name: response.status_code order: 3 @@ -2230,6 +2235,7 @@ process.name: process.pgid: description: Identifier of the group of processes the process belongs to. flat_name: process.pgid + format: string level: extended name: pgid order: 3 @@ -2239,6 +2245,7 @@ process.pid: description: Process id. exmple: ssh flat_name: process.pid + format: string level: core name: pid order: 0 
@@ -2247,6 +2254,7 @@ process.pid: process.ppid: description: Process parent id. flat_name: process.ppid + format: string level: extended name: ppid order: 2 @@ -2265,6 +2273,7 @@ process.thread.id: description: Thread ID. example: 4242 flat_name: process.thread.id + format: string level: extended name: thread.id order: 7 @@ -2457,6 +2466,7 @@ server.packets: server.port: description: Port of the server. flat_name: server.port + format: string level: core name: port order: 2 @@ -2781,6 +2791,7 @@ source.packets: source.port: description: Port of the source. flat_name: source.port + format: string level: core name: port order: 2 @@ -2944,6 +2955,7 @@ url.port: description: Port of the request, such as 443. example: 443 flat_name: url.port + format: string level: extended name: port order: 4 diff --git a/generated/ecs/ecs_nested.yml b/generated/ecs/ecs_nested.yml index 7d0a420850..35144be78d 100644 --- a/generated/ecs/ecs_nested.yml +++ b/generated/ecs/ecs_nested.yml @@ -327,6 +327,7 @@ client: port: description: Port of the client. flat_name: client.port + format: string level: core name: port order: 2 @@ -734,6 +735,7 @@ destination: port: description: Port of the destination. flat_name: destination.port + format: string level: core name: port order: 2 @@ -1130,6 +1132,7 @@ event: The sequence number is a value published by some event sources, to make the exact ordering of events unambiguous, regarless of the timestamp precision.' flat_name: event.sequence + format: string level: extended name: sequence order: 14 @@ -1141,6 +1144,7 @@ event: up to the implementer to make sure severities are consistent across events. example: '7' flat_name: event.severity + format: string level: core name: severity order: 10 @@ -1920,6 +1924,7 @@ http: description: HTTP response status code. example: 404 flat_name: http.response.status_code + format: string level: extended name: response.status_code order: 3 
@@ -2542,6 +2547,7 @@ process: pgid: description: Identifier of the group of processes the process belongs to. flat_name: process.pgid + format: string level: extended name: pgid order: 3 @@ -2551,6 +2557,7 @@ process: description: Process id. exmple: ssh flat_name: process.pid + format: string level: core name: pid order: 0 @@ -2559,6 +2566,7 @@ process: ppid: description: Process parent id. flat_name: process.ppid + format: string level: extended name: ppid order: 2 @@ -2577,6 +2585,7 @@ process: description: Thread ID. example: 4242 flat_name: process.thread.id + format: string level: extended name: thread.id order: 7 @@ -2810,6 +2819,7 @@ server: port: description: Port of the server. flat_name: server.port + format: string level: core name: port order: 2 @@ -3160,6 +3170,7 @@ source: port: description: Port of the source. flat_name: source.port + format: string level: core name: port order: 2 @@ -3327,6 +3338,7 @@ url: description: Port of the request, such as 443. example: 443 flat_name: url.port + format: string level: extended name: port order: 4
diff --git a/schemas/client.yml b/schemas/client.yml
index 97d92172a1..b46cef0ef8 100644
--- a/schemas/client.yml
+++ b/schemas/client.yml
@@ -41,6 +41,7 @@ Can be one or multiple IPv4 or IPv6 addresses. - name: port
+ format: string
 level: core type: long description: >
diff --git a/schemas/destination.yml b/schemas/destination.yml
index 15d360b961..ccef779a80 100644
--- a/schemas/destination.yml
+++ b/schemas/destination.yml
@@ -32,6 +32,7 @@ Can be one or multiple IPv4 or IPv6 addresses. - name: port
+ format: string
 level: core type: long description: >
diff --git a/schemas/event.yml b/schemas/event.yml
index 2e904fa96a..474e006d80 100644
--- a/schemas/event.yml
+++ b/schemas/event.yml
@@ -143,6 +143,7 @@ example: kernel - name: severity
+ format: string
 level: core type: long example: "7"
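Review bot: The added `format: string` under `port` in schemas/client.yml sits next to `type: long` with nothing saying which of the two governs storage, and the same holds for the `port` hunks in destination.yml, server.yml, source.yml and url.yml. As far as these hunks show, the field is still typed as a number, so range filters on ports in detection rules should keep working, but the changelog wording "as strings" could be read as a mapping change. I would add a comment above the key, `# format is a display hint only; the field is still indexed as long`, and place `format` directly below `type` so the two are read together. Each field entry continues past the end of its hunk.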
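Review bot: `event.severity` gets `format: string` in this hunk, and `event.sequence` and `http.response.status_code` get it in the later event.yml and http.yml hunks, yet none of the three is a port or an identifier, which is all the changelog entry mentions. Severity and status codes are ordered values that alerting and triage queries commonly compare numerically, so the schema should say explicitly that sorting and range matching are unaffected. I would widen the changelog line to `* Format port numbers, numeric IDs, status codes, severities and sequence numbers as strings. #454`, or leave `format` off the fields where a numeric rendering is wanted. The `severity` entry continues outside the hunk.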
@@ -195,6 +196,7 @@ difference between the end and start time. - name: sequence
+ format: string
 level: extended type: long short: Sequence number of the event.
diff --git a/schemas/http.yml b/schemas/http.yml
index ca8ae05f51..aab4c24d08 100644
--- a/schemas/http.yml
+++ b/schemas/http.yml
@@ -34,6 +34,7 @@ example: https://blog.example.com/ - name: response.status_code
+ format: string
 level: extended type: long description: >
diff --git a/schemas/process.yml b/schemas/process.yml
index 8ab0b400c2..eb4be7132b 100644
--- a/schemas/process.yml
+++ b/schemas/process.yml
@@ -13,6 +13,7 @@ fields: - name: pid
+ format: string
 level: core type: long description: >
@@ -30,12 +31,14 @@ example: ssh - name: ppid
+ format: string
 level: extended type: long description: > Process parent id. - name: pgid
+ format: string
 level: extended type: long description: >
@@ -69,6 +72,7 @@ for example a browser setting its title to the web page currently opened. - name: thread.id
+ format: string
 level: extended type: long example: 4242
diff --git a/schemas/server.yml b/schemas/server.yml
index 9c4f6ab600..564af539c2 100644
--- a/schemas/server.yml
+++ b/schemas/server.yml
@@ -41,6 +41,7 @@ Can be one or multiple IPv4 or IPv6 addresses. - name: port
+ format: string
 level: core type: long description: >
diff --git a/schemas/source.yml b/schemas/source.yml
index 77c9e9014d..6c9fabc5af 100644
--- a/schemas/source.yml
+++ b/schemas/source.yml
@@ -32,6 +32,7 @@ Can be one or multiple IPv4 or IPv6 addresses. - name: port
+ format: string
 level: core type: long description: >
diff --git a/schemas/url.yml b/schemas/url.yml
index 2f134a6414..0566fa0402 100644
--- a/schemas/url.yml
+++ b/schemas/url.yml
@@ -55,6 +55,7 @@ example: www.elastic.co - name: port
+ format: string
 level: extended type: long description: >
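Review bot: The `pid` entry edited by the first process.yml hunk appears to carry a misspelled key, because the generated files in this same commit list `exmple: ssh` under `process.pid`; the schema lines that would confirm it lie outside the hunk, so this is inferred. A process name is not a meaningful example for a numeric pid, and with the key misspelled the generators presumably pass it through as an unknown attribute instead of an example. Since this entry is being touched anyway, I would replace that line with `example: 4242` (an illustrative value, borrowed from `thread.id`) and regenerate the output files.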