# Linux

Version 1.0

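Please check back often: these tables are updated regularly to accommodate new fields as vendors provide them. In this version, several rows show only a field-name prefix (`auditd.`, `process.`), one row is blank, `event.original` has no data type or length, and `file.name` is listed with data type `int`. Confirm those entries against the current schema before building parsers, field mappings or detection rules on them.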

| **Field Names**                  | **Data Type** | **Length** |
| -------------------------------- | ------------- | ---------- |
| agent.type                       | text          | 32         |
| auditd.                          | text          | 64         |
| auditd.                          | text          | 32         |
| auditd.                          | text          | 32         |
| auditd.                          | text          | 32         |
| destination.address              | ip            |            |
| destination.as.organization.name | text          | 128        |
| destination.geo.city\_name       | text          | 32         |
| destination.geo.continent\_code  | text          | 6          |
| destination.geo.country\_code    | text          | 6          |
| destination.geo.country\_name    | text          | 32         |
| destination.geo.location.lat     | geopoint      |            |
| destination.geo.location.lon     | geopoint      |            |
| destination.geo.region\_name     | text          | 64         |
| destination.locality             | text          | 16         |
| event.action                     | text          | 16         |
| event.category                   | array         | 50         |
| event.created                    | date          |            |
| event.dataset                    | text          | 50         |
| event.id                         | text          | 128        |
| event.kind                       | text          | 16         |
| event.module                     | text          | 16         |
| event.original                   |               |            |
| event.outcome                    | text          | 16         |
| event.reason                     | text          | 128        |
| event.severity                   | text          | 16         |
| event.type                       | array         | 32         |
| file.name                        | int           | 128        |
| host.architecture                | text          | 32         |
| log.type                         | text          | 32         |
| message                          | text          | 1024       |
|                                  |               |            |
| observer.type                    | text          | 32         |
| organisation.id                  | text          | 8          |
| process.                         | text          | 256        |
| process.                         | text          | 128        |
| process.                         | text          | 32         |
| process.                         | int           | 16         |
| process.                         | int           | 16         |
| process.                         | text          | 256        |
| process.arg\_count               | int           | 16         |
| process.args                     | text          | 128        |
| process.name                     | text          | 128        |
| process.parent.pid               | int           | 16         |
| related.hash                     | array         | 128        |
| related.hosts                    | array         | 128        |
| related.ip                       | array         | 128        |
| related.user                     | array         | 128        |
| sensor.id                        | text          | 10         |
| source.address                   | ip            |            |
| source.as.number                 | text          | 16         |
| source.as.organization.name      | text          | 128        |
| source.geo.city\_name            | text          | 32         |
| source.geo.continent\_code       | text          | 6          |
| source.geo.country\_code         | text          | 6          |
| source.geo.country\_name         | text          | 32         |
| source.geo.location.lat          | geopoint      |            |
| source.geo.location.lon          | geopoint      |            |
| source.geo.region\_name          | text          | 64         |
| source.locality                  | text          | 16         |
| threatintel.days                 | int           | 16         |
| threatintel.entity               | text          | 16         |
| threatintel.event\_data          | text          | 512        |
| threatintel.lookup               | text          | 16         |
| threatintel.malware.malware      | text          | 512        |
| threatintel.malware.timestamp    | date/time     |            |
| threatintel.severity             | text          | 16         |
| threatintel.tags                 | text          | 256        |
| threatintel.white\_list          | text          | 32         |
| user.audit.group.id              | text          | 32         |
| user.audit.id                    | text          | 32         |
| user.effective.group.id          | text          | 32         |
| user.effective.id                | text          | 32         |
| user.filesystem.group.id         | text          | 32         |
| user.filesystem.id               | text          | 32         |
| user.group.id                    | text          | 32         |
| user.id                          | text          | 128        |
| user.name                        | text          | 128        |
| user.owner.group.id              | text          | 32         |
| user.owner.id                    | text          | 32         |
| user.saved.group.id              | text          | 32         |
| user.saved.id                    | text          | 32         |
| user.terminal                    | text          | 128        |
| uuid                             | text          | 36         |
