Version 1.01
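Please check back often. These tables are updated regularly to accommodate new fields as vendors provide them. Each entry below is listed as field name, data type, then length. Several entries (the geopoint and date fields, and some ip fields) give no length, and event.original gives neither a data type nor a length. For the port fields, the 65535 in the Length column appears to be the maximum value rather than a character length.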
Field Name
Data Type
Length
agent.type
text
32
client.ip
ip
16
client.port
int
65535
client.user.name
text
128
destination.as.organization.name
text
128
destination.geo.city_name
text
32
destination.geo.continent_code
text
6
destination.geo.country_code
text
6
destination.geo.country_name
text
32
destination.geo.location.lat
geopoint
destination.geo.location.lon
geopoint
destination.geo.region_name
text
64
destination.ip
ip
destination.locality
text
16
destination.port
int
65535
event.action
text
16
event.category
array
50
event.created
date
event.dataset
text
50
event.id
text
128
event.kind
text
16
event.module
text
16
event.original
event.outcome
text
16
event.reason
text
128
event.severity
text
16
event.type
array
32
log.type
text
32
Message
text
1028
network.protocol
text
8
observer.type
text
32
organisation.id
text
8
related.hash
array
128
related.hosts
array
128
related.ip
array
128
related.user
array
128
sensor.id
text
10
source.as.number
text
16
source.as.organization.name
text
128
source.geo.city_name
text
32
source.geo.continent_code
text
6
source.geo.country_code
text
6
source.geo.country_name
text
32
source.geo.location.lat
geopoint
source.geo.location.lon
geopoint
source.geo.region_name
text
64
source.ip
ip
source.locality
text
16
source.port
int
65535
threatintel.days
int
16
threatintel.entity
text
16
threatintel.event_data
text
512
threatintel.lookup
text
16
threatintel.malware.malware
text
512
threatintel.malware.timestamp
date/time
threatintel.severity
text
16
threatintel.tags
text
256
threatintel.white_list
text
32
user.full_name
text
128
user.name
text
128
uuid
text
36