Linux
Version 1.0
This table is updated regularly as vendors provide new fields, so check back often; the Length column is the maximum size recorded for each field, and fields shown without a type or length have not yet been specified.
Field Names | Data Type | Length |
agent.type | text | 32 |
auditd. | text | 64 |
auditd. | text | 32 |
auditd. | text | 32 |
auditd. | text | 32 |
destination.address | ip | |
destination.as.organization.name | text | 128 |
destination.geo.city_name | text | 32 |
destination.geo.continent_code | text | 6 |
destination.geo.country_code | text | 6 |
destination.geo.country_name | text | 32 |
destination.geo.location.lat | geopoint | |
destination.geo.location.lon | geopoint | |
destination.geo.region_name | text | 64 |
destination.locality | text | 16 |
event.action | text | 16 |
event.category | array | 50 |
event.created | date | |
event.dataset | text | 50 |
event.id | text | 128 |
event.kind | text | 16 |
event.module | text | 16 |
event.original | ||
event.outcome | text | 16 |
event.reason | text | 128 |
event.severity | text | 16 |
event.type | array | 32 |
file.name | text | 128 |
host.architecture | text | 32 |
log.type | text | 32 |
message | text | 1024 |
observer.type | text | 32 |
organisation.id | text | 8 |
process. | text | 256 |
process. | text | 128 |
process. | text | 32 |
process. | int | 16 |
process. | int | 16 |
process. | text | 256 |
process.arg_count | int | 16 |
process.args | text | 128 |
process.name | text | 128 |
process.parent.pid | int | 16 |
related.hash | array | 128 |
related.hosts | array | 128 |
related.ip | array | 128 |
related.user | array | 128 |
sensor.id | text | 10 |
source.address | ip | |
source.as.number | text | 16 |
source.as.organization.name | text | 128 |
source.geo.city_name | text | 32 |
source.geo.continent_code | text | 6 |
source.geo.country_code | text | 6 |
source.geo.country_name | text | 32 |
source.geo.location.lat | geopoint | |
source.geo.location.lon | geopoint | |
source.geo.region_name | text | 64 |
source.locality | text | 16 |
threatintel.days | int | 16 |
threatintel.entity | text | 16 |
threatintel.event_data | text | 512 |
threatintel.lookup | text | 16 |
threatintel.malware.malware | text | 512 |
threatintel.malware.timestamp | date | |
threatintel.severity | text | 16 |
threatintel.tags | text | 256 |
threatintel.white_list | text | 32 |
user.audit.group.id | text | 32 |
user.audit.id | text | 32 |
user.effective.group.id | text | 32 |
user.effective.id | text | 32 |
user.filesystem.group.id | text | 32 |
user.filesystem.id | text | 32 |
user.group.id | text | 32 |
user.id | text | 128 |
user.name | text | 128 |
user.owner.group.id | text | 32 |
user.owner.id | text | 32 |
user.saved.group.id | text | 32 |
user.saved.id | text | 32 |
user.terminal | text | 128 |
uuid | text | 36 |