Skip to content

Commit

Permalink
Expand [source|destination|client|server].domain field descriptions (
Browse files Browse the repository at this point in the history
…elastic#1673)

* improve .domain description and add example value

* Update field-details.asciidoc

fix typos

* typo fix

* word ordering

* use correct quantifier

Co-authored-by: djptek <[email protected]>
# Conflicts:
#	experimental/generated/csv/fields.csv
#	generated/csv/fields.csv
  • Loading branch information
ebeahan committed Nov 30, 2021
1 parent b3dace4 commit 1682152
Show file tree
Hide file tree
Showing 13 changed files with 209 additions and 59 deletions.
24 changes: 16 additions & 8 deletions docs/field-details.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -353,13 +353,15 @@ example: `184`
[[field-client-domain]]
<<field-client-domain, client.domain>>

| Client domain.
| The domain name of the client system.

type: keyword
This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment.

type: keyword



example: `foo.example.com`

| core

Expand Down Expand Up @@ -1264,13 +1266,15 @@ example: `184`
[[field-destination-domain]]
<<field-destination-domain, destination.domain>>

| Destination domain.
| The domain name of the destination system.

type: keyword
This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment.

type: keyword



example: `foo.example.com`

| core

Expand Down Expand Up @@ -7185,13 +7189,15 @@ example: `184`
[[field-server-domain]]
<<field-server-domain, server.domain>>

| Server domain.
| The domain name of the server system.

type: keyword
This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment.

type: keyword



example: `foo.example.com`

| core

Expand Down Expand Up @@ -7689,13 +7695,15 @@ example: `184`
[[field-source-domain]]
<<field-source-domain, source.domain>>

| Source domain.
| The domain name of the source system.

type: keyword
This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment.

type: keyword



example: `foo.example.com`

| core

Expand Down
28 changes: 24 additions & 4 deletions experimental/generated/beats/fields.ecs.yml
Original file line number Diff line number Diff line change
Expand Up @@ -203,7 +203,12 @@
level: core
type: keyword
ignore_above: 1024
description: Client domain.
description: 'The domain name of the client system.
This value may be a host name, a fully qualified domain name, or another host
naming format. The value may derive from the original event or be added from
enrichment.'
example: foo.example.com
- name: geo.city_name
level: core
type: keyword
Expand Down Expand Up @@ -987,7 +992,12 @@
level: core
type: keyword
ignore_above: 1024
description: Destination domain.
description: 'The domain name of the destination system.
This value may be a host name, a fully qualified domain name, or another host
naming format. The value may derive from the original event or be added from
enrichment.'
example: foo.example.com
- name: geo.city_name
level: core
type: keyword
Expand Down Expand Up @@ -8197,7 +8207,12 @@
level: core
type: keyword
ignore_above: 1024
description: Server domain.
description: 'The domain name of the server system.
This value may be a host name, a fully qualified domain name, or another host
naming format. The value may derive from the original event or be added from
enrichment.'
example: foo.example.com
- name: geo.city_name
level: core
type: keyword
Expand Down Expand Up @@ -8804,7 +8819,12 @@
level: core
type: keyword
ignore_above: 1024
description: Source domain.
description: 'The domain name of the source system.
This value may be a host name, a fully qualified domain name, or another host
naming format. The value may derive from the original event or be added from
enrichment.'
example: foo.example.com
- name: geo.city_name
level: core
type: keyword
Expand Down
8 changes: 4 additions & 4 deletions experimental/generated/csv/fields.csv
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description
8.0.0-dev+exp,true,client,client.as.organization.name,keyword,extended,,Google LLC,Organization name.
8.0.0-dev+exp,true,client,client.as.organization.name.text,match_only_text,extended,,Google LLC,Organization name.
8.0.0-dev+exp,true,client,client.bytes,long,core,,184,Bytes sent from the client to the server.
8.0.0-dev+exp,true,client,client.domain,keyword,core,,,Client domain.
8.0.0-dev+exp,true,client,client.domain,keyword,core,,foo.example.com,The domain name of the client.
8.0.0-dev+exp,true,client,client.geo.city_name,keyword,core,,Montreal,City name.
8.0.0-dev+exp,true,client,client.geo.continent_code,keyword,core,,NA,Continent code.
8.0.0-dev+exp,true,client,client.geo.continent_name,keyword,core,,North America,Name of the continent.
Expand Down Expand Up @@ -100,7 +100,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description
8.0.0-dev+exp,true,destination,destination.as.organization.name,keyword,extended,,Google LLC,Organization name.
8.0.0-dev+exp,true,destination,destination.as.organization.name.text,match_only_text,extended,,Google LLC,Organization name.
8.0.0-dev+exp,true,destination,destination.bytes,long,core,,184,Bytes sent from the destination to the source.
8.0.0-dev+exp,true,destination,destination.domain,keyword,core,,,Destination domain.
8.0.0-dev+exp,true,destination,destination.domain,keyword,core,,foo.example.com,The domain name of the destination.
8.0.0-dev+exp,true,destination,destination.geo.city_name,keyword,core,,Montreal,City name.
8.0.0-dev+exp,true,destination,destination.geo.continent_code,keyword,core,,NA,Continent code.
8.0.0-dev+exp,true,destination,destination.geo.continent_name,keyword,core,,North America,Name of the continent.
Expand Down Expand Up @@ -978,7 +978,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description
8.0.0-dev+exp,true,server,server.as.organization.name,keyword,extended,,Google LLC,Organization name.
8.0.0-dev+exp,true,server,server.as.organization.name.text,match_only_text,extended,,Google LLC,Organization name.
8.0.0-dev+exp,true,server,server.bytes,long,core,,184,Bytes sent from the server to the client.
8.0.0-dev+exp,true,server,server.domain,keyword,core,,,Server domain.
8.0.0-dev+exp,true,server,server.domain,keyword,core,,foo.example.com,The domain name of the server.
8.0.0-dev+exp,true,server,server.geo.city_name,keyword,core,,Montreal,City name.
8.0.0-dev+exp,true,server,server.geo.continent_code,keyword,core,,NA,Continent code.
8.0.0-dev+exp,true,server,server.geo.continent_name,keyword,core,,North America,Name of the continent.
Expand Down Expand Up @@ -1043,7 +1043,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description
8.0.0-dev+exp,true,source,source.as.organization.name,keyword,extended,,Google LLC,Organization name.
8.0.0-dev+exp,true,source,source.as.organization.name.text,match_only_text,extended,,Google LLC,Organization name.
8.0.0-dev+exp,true,source,source.bytes,long,core,,184,Bytes sent from the source to the destination.
8.0.0-dev+exp,true,source,source.domain,keyword,core,,,Source domain.
8.0.0-dev+exp,true,source,source.domain,keyword,core,,foo.example.com,The domain name of the source.
8.0.0-dev+exp,true,source,source.geo.city_name,keyword,core,,Montreal,City name.
8.0.0-dev+exp,true,source,source.geo.continent_code,keyword,core,,NA,Continent code.
8.0.0-dev+exp,true,source,source.geo.continent_name,keyword,core,,North America,Name of the continent.
Expand Down
32 changes: 24 additions & 8 deletions experimental/generated/ecs/ecs_flat.yml
Original file line number Diff line number Diff line change
Expand Up @@ -157,13 +157,17 @@ client.bytes:
type: long
client.domain:
dashed_name: client-domain
description: Client domain.
description: 'The domain name of the client system.

This value may be a host name, a fully qualified domain name, or another host
naming format. The value may derive from the original event or be added from enrichment.'
example: foo.example.com
flat_name: client.domain
ignore_above: 1024
level: core
name: domain
normalize: []
short: Client domain.
short: The domain name of the client.
type: keyword
client.geo.city_name:
dashed_name: client-geo-city-name
Expand Down Expand Up @@ -1210,13 +1214,17 @@ destination.bytes:
type: long
destination.domain:
dashed_name: destination-domain
description: Destination domain.
description: 'The domain name of the destination system.

This value may be a host name, a fully qualified domain name, or another host
naming format. The value may derive from the original event or be added from enrichment.'
example: foo.example.com
flat_name: destination.domain
ignore_above: 1024
level: core
name: domain
normalize: []
short: Destination domain.
short: The domain name of the destination.
type: keyword
destination.geo.city_name:
dashed_name: destination-geo-city-name
Expand Down Expand Up @@ -12148,13 +12156,17 @@ server.bytes:
type: long
server.domain:
dashed_name: server-domain
description: Server domain.
description: 'The domain name of the server system.

This value may be a host name, a fully qualified domain name, or another host
naming format. The value may derive from the original event or be added from enrichment.'
example: foo.example.com
flat_name: server.domain
ignore_above: 1024
level: core
name: domain
normalize: []
short: Server domain.
short: The domain name of the server.
type: keyword
server.geo.city_name:
dashed_name: server-geo-city-name
Expand Down Expand Up @@ -13048,13 +13060,17 @@ source.bytes:
type: long
source.domain:
dashed_name: source-domain
description: Source domain.
description: 'The domain name of the source system.

This value may be a host name, a fully qualified domain name, or another host
naming format. The value may derive from the original event or be added from enrichment.'
example: foo.example.com
flat_name: source.domain
ignore_above: 1024
level: core
name: domain
normalize: []
short: Source domain.
short: The domain name of the source.
type: keyword
source.geo.city_name:
dashed_name: source-geo-city-name
Expand Down
36 changes: 28 additions & 8 deletions experimental/generated/ecs/ecs_nested.yml
Original file line number Diff line number Diff line change
Expand Up @@ -308,13 +308,18 @@ client:
type: long
client.domain:
dashed_name: client-domain
description: Client domain.
description: 'The domain name of the client system.

This value may be a host name, a fully qualified domain name, or another host
naming format. The value may derive from the original event or be added from
enrichment.'
example: foo.example.com
flat_name: client.domain
ignore_above: 1024
level: core
name: domain
normalize: []
short: Client domain.
short: The domain name of the client.
type: keyword
client.geo.city_name:
dashed_name: client-geo-city-name
Expand Down Expand Up @@ -1619,13 +1624,18 @@ destination:
type: long
destination.domain:
dashed_name: destination-domain
description: Destination domain.
description: 'The domain name of the destination system.

This value may be a host name, a fully qualified domain name, or another host
naming format. The value may derive from the original event or be added from
enrichment.'
example: foo.example.com
flat_name: destination.domain
ignore_above: 1024
level: core
name: domain
normalize: []
short: Destination domain.
short: The domain name of the destination.
type: keyword
destination.geo.city_name:
dashed_name: destination-geo-city-name
Expand Down Expand Up @@ -14234,13 +14244,18 @@ server:
type: long
server.domain:
dashed_name: server-domain
description: Server domain.
description: 'The domain name of the server system.

This value may be a host name, a fully qualified domain name, or another host
naming format. The value may derive from the original event or be added from
enrichment.'
example: foo.example.com
flat_name: server.domain
ignore_above: 1024
level: core
name: domain
normalize: []
short: Server domain.
short: The domain name of the server.
type: keyword
server.geo.city_name:
dashed_name: server-geo-city-name
Expand Down Expand Up @@ -15218,13 +15233,18 @@ source:
type: long
source.domain:
dashed_name: source-domain
description: Source domain.
description: 'The domain name of the source system.

This value may be a host name, a fully qualified domain name, or another host
naming format. The value may derive from the original event or be added from
enrichment.'
example: foo.example.com
flat_name: source.domain
ignore_above: 1024
level: core
name: domain
normalize: []
short: Source domain.
short: The domain name of the source.
type: keyword
source.geo.city_name:
dashed_name: source-geo-city-name
Expand Down
28 changes: 24 additions & 4 deletions generated/beats/fields.ecs.yml
Original file line number Diff line number Diff line change
Expand Up @@ -203,7 +203,12 @@
level: core
type: keyword
ignore_above: 1024
description: Client domain.
description: 'The domain name of the client system.
This value may be a host name, a fully qualified domain name, or another host
naming format. The value may derive from the original event or be added from
enrichment.'
example: foo.example.com
- name: geo.city_name
level: core
type: keyword
Expand Down Expand Up @@ -949,7 +954,12 @@
level: core
type: keyword
ignore_above: 1024
description: Destination domain.
description: 'The domain name of the destination system.
This value may be a host name, a fully qualified domain name, or another host
naming format. The value may derive from the original event or be added from
enrichment.'
example: foo.example.com
- name: geo.city_name
level: core
type: keyword
Expand Down Expand Up @@ -5548,7 +5558,12 @@
level: core
type: keyword
ignore_above: 1024
description: Server domain.
description: 'The domain name of the server system.
This value may be a host name, a fully qualified domain name, or another host
naming format. The value may derive from the original event or be added from
enrichment.'
example: foo.example.com
- name: geo.city_name
level: core
type: keyword
Expand Down Expand Up @@ -6155,7 +6170,12 @@
level: core
type: keyword
ignore_above: 1024
description: Source domain.
description: 'The domain name of the source system.
This value may be a host name, a fully qualified domain name, or another host
naming format. The value may derive from the original event or be added from
enrichment.'
example: foo.example.com
- name: geo.city_name
level: core
type: keyword
Expand Down
Loading

0 comments on commit 1682152

Please sign in to comment.