diff --git a/code/go/ecs/os.go b/code/go/ecs/os.go index eb3a321de3..be46e849df 100644 --- a/code/go/ecs/os.go +++ b/code/go/ecs/os.go @@ -24,6 +24,9 @@ type Os struct { // Categorize the operating system in one of the broad commercial families. // One of these following values should be used (lowercase): linux, macos, // unix, windows. + // If the OS is not part of any of these families, the field should not be + // populated. Please let us know by opening an issue with ECS, to have it + // added to the list. CommercialFamily string `ecs:"commercial_family"` // Operating system platform (such centos, ubuntu, windows). diff --git a/docs/field-details.asciidoc b/docs/field-details.asciidoc index 3f052177c5..8b879e684f 100644 --- a/docs/field-details.asciidoc +++ b/docs/field-details.asciidoc @@ -3858,6 +3858,8 @@ The OS fields contain information about the operating system. One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS is not part of any of these families, the field should not be populated. Please let us know by opening an issue with ECS, to have it added to the list. + type: keyword diff --git a/experimental/generated/beats/fields.ecs.yml b/experimental/generated/beats/fields.ecs.yml index 79e885c5aa..84d603ded7 100644 --- a/experimental/generated/beats/fields.ecs.yml +++ b/experimental/generated/beats/fields.ecs.yml @@ -2139,7 +2139,10 @@ families. One of these following values should be used (lowercase): linux, macos, unix, - windows.' + windows. + + If the OS is not part of any of these families, the field should not be populated. + Please let us know by opening an issue with ECS, to have it added to the list.' example: macos default_field: false - name: os.family 
@@ -2898,7 +2901,10 @@ families. One of these following values should be used (lowercase): linux, macos, unix, - windows.' + windows. + + If the OS is not part of any of these families, the field should not be populated. + Please let us know by opening an issue with ECS, to have it added to the list.' example: macos default_field: false - name: os.family @@ -3014,7 +3020,10 @@ families. One of these following values should be used (lowercase): linux, macos, unix, - windows.' + windows. + + If the OS is not part of any of these families, the field should not be populated. + Please let us know by opening an issue with ECS, to have it added to the list.' example: macos default_field: false - name: family @@ -5707,7 +5716,10 @@ families. One of these following values should be used (lowercase): linux, macos, unix, - windows.' + windows. + + If the OS is not part of any of these families, the field should not be populated. + Please let us know by opening an issue with ECS, to have it added to the list.' example: macos default_field: false - name: os.family diff --git a/experimental/generated/ecs/ecs_flat.yml b/experimental/generated/ecs/ecs_flat.yml index c1c674cc80..0ac446c782 100644 --- a/experimental/generated/ecs/ecs_flat.yml +++ b/experimental/generated/ecs/ecs_flat.yml @@ -3342,7 +3342,10 @@ host.os.commercial_family: description: 'Categorize the operating system in one of the broad commercial families. One of these following values should be used (lowercase): linux, macos, unix, - windows.' + windows. + + If the OS is not part of any of these families, the field should not be populated. + Please let us know by opening an issue with ECS, to have it added to the list.' example: macos flat_name: host.os.commercial_family ignore_above: 1024 
@@ -4493,7 +4496,10 @@ observer.os.commercial_family: description: 'Categorize the operating system in one of the broad commercial families. One of these following values should be used (lowercase): linux, macos, unix, - windows.' + windows. + + If the OS is not part of any of these families, the field should not be populated. + Please let us know by opening an issue with ECS, to have it added to the list.' example: macos flat_name: observer.os.commercial_family ignore_above: 1024 @@ -8745,7 +8751,10 @@ user_agent.os.commercial_family: description: 'Categorize the operating system in one of the broad commercial families. One of these following values should be used (lowercase): linux, macos, unix, - windows.' + windows. + + If the OS is not part of any of these families, the field should not be populated. + Please let us know by opening an issue with ECS, to have it added to the list.' example: macos flat_name: user_agent.os.commercial_family ignore_above: 1024 diff --git a/experimental/generated/ecs/ecs_nested.yml b/experimental/generated/ecs/ecs_nested.yml index 0eae24f380..0c2b7be9a2 100644 --- a/experimental/generated/ecs/ecs_nested.yml +++ b/experimental/generated/ecs/ecs_nested.yml @@ -4006,7 +4006,10 @@ host: families. One of these following values should be used (lowercase): linux, macos, unix, - windows.' + windows. + + If the OS is not part of any of these families, the field should not be populated. + Please let us know by opening an issue with ECS, to have it added to the list.' example: macos flat_name: host.os.commercial_family ignore_above: 1024 @@ -5275,7 +5278,10 @@ observer: families. One of these following values should be used (lowercase): linux, macos, unix, - windows.' + windows. + + If the OS is not part of any of these families, the field should not be populated. + Please let us know by opening an issue with ECS, to have it added to the list.' example: macos flat_name: observer.os.commercial_family ignore_above: 1024 
@@ -5499,7 +5505,10 @@ os: families. One of these following values should be used (lowercase): linux, macos, unix, - windows.' + windows. + + If the OS is not part of any of these families, the field should not be populated. + Please let us know by opening an issue with ECS, to have it added to the list.' example: macos flat_name: os.commercial_family ignore_above: 1024 @@ -10077,7 +10086,10 @@ user_agent: families. One of these following values should be used (lowercase): linux, macos, unix, - windows.' + windows. + + If the OS is not part of any of these families, the field should not be populated. + Please let us know by opening an issue with ECS, to have it added to the list.' example: macos flat_name: user_agent.os.commercial_family ignore_above: 1024 diff --git a/generated/beats/fields.ecs.yml b/generated/beats/fields.ecs.yml index 1fa983db8a..65d74bfe95 100644 --- a/generated/beats/fields.ecs.yml +++ b/generated/beats/fields.ecs.yml @@ -2182,7 +2182,10 @@ families. One of these following values should be used (lowercase): linux, macos, unix, - windows.' + windows. + + If the OS is not part of any of these families, the field should not be populated. + Please let us know by opening an issue with ECS, to have it added to the list.' example: macos default_field: false - name: os.family @@ -2952,7 +2955,10 @@ families. One of these following values should be used (lowercase): linux, macos, unix, - windows.' + windows. + + If the OS is not part of any of these families, the field should not be populated. + Please let us know by opening an issue with ECS, to have it added to the list.' example: macos default_field: false - name: os.family 
@@ -3071,7 +3077,10 @@ families. One of these following values should be used (lowercase): linux, macos, unix, - windows.' + windows. + + If the OS is not part of any of these families, the field should not be populated. + Please let us know by opening an issue with ECS, to have it added to the list.' example: macos default_field: false - name: family @@ -5587,7 +5596,10 @@ families. One of these following values should be used (lowercase): linux, macos, unix, - windows.' + windows. + + If the OS is not part of any of these families, the field should not be populated. + Please let us know by opening an issue with ECS, to have it added to the list.' example: macos default_field: false - name: os.family diff --git a/generated/ecs/ecs_flat.yml b/generated/ecs/ecs_flat.yml index 0d7ba60b42..e960a9b5a2 100644 --- a/generated/ecs/ecs_flat.yml +++ b/generated/ecs/ecs_flat.yml @@ -3390,7 +3390,10 @@ host.os.commercial_family: description: 'Categorize the operating system in one of the broad commercial families. One of these following values should be used (lowercase): linux, macos, unix, - windows.' + windows. + + If the OS is not part of any of these families, the field should not be populated. + Please let us know by opening an issue with ECS, to have it added to the list.' example: macos flat_name: host.os.commercial_family ignore_above: 1024 @@ -4552,7 +4555,10 @@ observer.os.commercial_family: description: 'Categorize the operating system in one of the broad commercial families. One of these following values should be used (lowercase): linux, macos, unix, - windows.' + windows. + + If the OS is not part of any of these families, the field should not be populated. + Please let us know by opening an issue with ECS, to have it added to the list.' example: macos flat_name: observer.os.commercial_family ignore_above: 1024 
@@ -8468,7 +8474,10 @@ user_agent.os.commercial_family: description: 'Categorize the operating system in one of the broad commercial families. One of these following values should be used (lowercase): linux, macos, unix, - windows.' + windows. + + If the OS is not part of any of these families, the field should not be populated. + Please let us know by opening an issue with ECS, to have it added to the list.' example: macos flat_name: user_agent.os.commercial_family ignore_above: 1024 diff --git a/generated/ecs/ecs_nested.yml b/generated/ecs/ecs_nested.yml index cbcac03e01..286b1d5542 100644 --- a/generated/ecs/ecs_nested.yml +++ b/generated/ecs/ecs_nested.yml @@ -4056,7 +4056,10 @@ host: families. One of these following values should be used (lowercase): linux, macos, unix, - windows.' + windows. + + If the OS is not part of any of these families, the field should not be populated. + Please let us know by opening an issue with ECS, to have it added to the list.' example: macos flat_name: host.os.commercial_family ignore_above: 1024 @@ -5336,7 +5339,10 @@ observer: families. One of these following values should be used (lowercase): linux, macos, unix, - windows.' + windows. + + If the OS is not part of any of these families, the field should not be populated. + Please let us know by opening an issue with ECS, to have it added to the list.' example: macos flat_name: observer.os.commercial_family ignore_above: 1024 @@ -5563,7 +5569,10 @@ os: families. One of these following values should be used (lowercase): linux, macos, unix, - windows.' + windows. + + If the OS is not part of any of these families, the field should not be populated. + Please let us know by opening an issue with ECS, to have it added to the list.' example: macos flat_name: os.commercial_family ignore_above: 1024 
@@ -9784,7 +9793,10 @@ user_agent: families. One of these following values should be used (lowercase): linux, macos, unix, - windows.' + windows. + + If the OS is not part of any of these families, the field should not be populated. + Please let us know by opening an issue with ECS, to have it added to the list.' example: macos flat_name: user_agent.os.commercial_family ignore_above: 1024 diff --git a/schemas/os.yml b/schemas/os.yml index 56b2269b7d..5a704cb10d 100644 --- a/schemas/os.yml +++ b/schemas/os.yml @@ -21,6 +21,9 @@ Categorize the operating system in one of the broad commercial families. One of these following values should be used (lowercase): linux, macos, unix, windows. + + If the OS is not part of any of these families, the field should not be populated. + Please let us know by opening an issue with ECS, to have it added to the list. example: macos - name: platform
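Review bot: The sentence added to the `commercial_family` description in schemas/os.yml tells producers to leave the field unset for an unlisted OS, but gives consumers no guidance on what an absent value means. Detection rules and dashboards that scope on this field would presumably skip those hosts without any signal, and a negated filter on one family would also match events where the field is simply missing. I would add one line after "added to the list.", for example `Consumers should treat a missing value as unknown rather than as a match for any listed family.` The Go comment, the asciidoc and the generated YAML hunks in this diff carry the same text and appear to be derived from this file, so the wording is best changed here and regenerated.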