diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index a2b294c23cd..4d274d42b6a 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -50365,7 +50365,7 @@ type: float *`elasticsearch.gc.phase.cpu_time.sys_sec`*:: + -- -CPU time spent inside the kernel. +CPU time spent inside the kernel. type: float @@ -50535,7 +50535,7 @@ Young GC type: long -example: +example: -- @@ -50546,7 +50546,7 @@ example: type: long -example: +example: -- @@ -50618,7 +50618,7 @@ Types type: keyword -example: +example: -- @@ -50662,7 +50662,7 @@ Extra source information type: keyword -example: +example: -- @@ -50706,7 +50706,7 @@ Id type: keyword -example: +example: -- @@ -66289,14 +66289,14 @@ type: keyword [float] === authentication_info -Authentication information. +Authentication information. *`gcp.audit.authentication_info.principal_email`*:: + -- -The email address of the authenticated user making the request. +The email address of the authenticated user making the request. type: keyword @@ -66306,7 +66306,7 @@ type: keyword *`gcp.audit.authentication_info.authority_selector`*:: + -- -The authority selector specified by the requestor, if any. It is not guaranteed that the principal was allowed to use this authority. +The authority selector specified by the requestor, if any. It is not guaranteed that the principal was allowed to use this authority. type: keyword @@ -66373,7 +66373,7 @@ type: keyword *`gcp.audit.request.name`*:: + -- -Name of the request. +Name of the request. type: keyword @@ -66383,7 +66383,7 @@ type: keyword *`gcp.audit.request.resource_name`*:: + -- -Name of the request resource. +Name of the request resource. type: keyword @@ -66400,7 +66400,7 @@ Metadata about the request. *`gcp.audit.request_metadata.caller_ip`*:: + -- -The IP address of the caller. +The IP address of the caller. type: ip @@ -66484,7 +66484,7 @@ type: keyword *`gcp.audit.response.status`*:: + -- -Status of the response. +Status of the response. type: keyword @@ -66531,14 +66531,14 @@ type: keyword [float] === status -The status of the overall operation. +The status of the overall operation. *`gcp.audit.status.code`*:: + -- -The status code, which should be an enum value of google.rpc.Code. +The status code, which should be an enum value of google.rpc.Code. type: integer @@ -66548,7 +66548,7 @@ type: integer *`gcp.audit.status.message`*:: + -- -A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client. +A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client. type: keyword @@ -93963,7 +93963,7 @@ type: text *`misp.identity.identity_class`*:: + -- -The type of entity that this Identity describes, e.g., an individual or organization. Open Vocab - identity-class-ov +The type of entity that this Identity describes, e.g., an individual or organization. Open Vocab - identity-class-ov type: keyword @@ -93973,7 +93973,7 @@ type: keyword *`misp.identity.labels`*:: + -- -The list of roles that this Identity performs. +The list of roles that this Identity performs. type: keyword @@ -93986,7 +93986,7 @@ example: CEO *`misp.identity.sectors`*:: + -- -The list of sectors that this Identity belongs to. Open Vocab - industry-sector-ov +The list of sectors that this Identity belongs to. Open Vocab - industry-sector-ov type: keyword @@ -94236,7 +94236,7 @@ Fields provide support for specifying information about threat indicators, and r *`misp.threat_indicator.labels`*:: + -- -list of type open-vocab that specifies the type of indicator. +list of type open-vocab that specifies the type of indicator. type: keyword @@ -94385,7 +94385,7 @@ format: string *`misp.threat_indicator.attack_pattern`*:: + -- -The attack_pattern for this indicator is a STIX Pattern as specified in STIX Version 2.0 Part 5 - STIX Patterning. +The attack_pattern for this indicator is a STIX Pattern as specified in STIX Version 2.0 Part 5 - STIX Patterning. type: keyword @@ -94398,7 +94398,7 @@ example: [destination:ip = '91.219.29.188/32'] *`misp.threat_indicator.attack_pattern_kql`*:: + -- -The attack_pattern for this indicator is KQL query that matches the attack_pattern specified in the STIX Pattern format. +The attack_pattern for this indicator is KQL query that matches the attack_pattern specified in the STIX Pattern format. type: keyword @@ -95225,7 +95225,7 @@ type: long *`mysql.slowlog.sort_range_count`*:: + -- -Number of sorts that were done using ranges. +Number of sorts that were done using ranges. type: long @@ -95325,7 +95325,7 @@ type: long *`mysql.slowlog.read_rnd`*:: + -- -The number of requests to read a row based on a fixed position. +The number of requests to read a row based on a fixed position. type: long @@ -113584,7 +113584,7 @@ Fields for Pensando DFW *`pensando.dfw.action`*:: + -- -Action on the flow. +Action on the flow. type: keyword @@ -113594,7 +113594,7 @@ type: keyword *`pensando.dfw.app_id`*:: + -- -Application ID +Application ID type: integer @@ -113604,7 +113604,7 @@ type: integer *`pensando.dfw.destination_address`*:: + -- -Address of destination. +Address of destination. type: keyword @@ -113614,7 +113614,7 @@ type: keyword *`pensando.dfw.destination_port`*:: + -- -Port of destination. +Port of destination. type: integer @@ -113624,7 +113624,7 @@ type: integer *`pensando.dfw.direction`*:: + -- -Direction of the flow +Direction of the flow type: keyword @@ -113634,7 +113634,7 @@ type: keyword *`pensando.dfw.protocol`*:: + -- -Protocol of the flow +Protocol of the flow type: keyword @@ -113644,7 +113644,7 @@ type: keyword *`pensando.dfw.rule_id`*:: + -- -Rule ID that was matched. +Rule ID that was matched. type: keyword @@ -113654,7 +113654,7 @@ type: keyword *`pensando.dfw.session_id`*:: + -- -Session ID of the flow +Session ID of the flow type: integer @@ -113664,7 +113664,7 @@ type: integer *`pensando.dfw.session_state`*:: + -- -Session state of the flow. +Session state of the flow. type: keyword @@ -113674,7 +113674,7 @@ type: keyword *`pensando.dfw.source_address`*:: + -- -Source address of the flow. +Source address of the flow. type: keyword @@ -113684,7 +113684,7 @@ type: keyword *`pensando.dfw.source_port`*:: + -- -Source port of the flow. +Source port of the flow. type: integer @@ -113694,7 +113694,7 @@ type: integer *`pensando.dfw.timestamp`*:: + -- -Timestamp of the log. +Timestamp of the log. type: date @@ -171869,4 +171869,4 @@ type: keyword -- -:edit_url!: +:edit_url!: \ No newline at end of file