Additional grouping fields
editAdditional grouping fields
editDepending on which entity you select in the Inventory view, these additional fields can be mapped to group entities by.
-
cloud.availability_zone -
Availability zone in which this host is running.
type: keyword
required: True
ECS field: True
example:
us-east-1c -
cloud.machine.type -
Machine type of the host machine.
type: keyword
required: True
ECS field: True
example:
t2.medium -
cloud.region -
Region in which this host is running.
type: keyword
required: True
ECS field: True
example:
us-east-1 -
cloud.instance.id -
Instance ID of the host machine.
type: keyword
required: True
ECS field: True
example:
i-1234567890abcdef0 -
cloud.provider -
Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
type: keyword
required: True
ECS field: True
example:
aws -
cloud.instance.name -
Instance name of the host machine.
type: keyword
required: True
ECS field: True
-
cloud.project.id -
Name of the project in Google Cloud.
type: keyword
required: True
ECS field: False
-
service.type -
The type of the service data is collected from.
The type can be used to group and correlate logs and metrics from one service type.
Example: If metrics are collected from Elasticsearch, service.type would be elasticsearch.
type: keyword
required: True
ECS field: False
example:
elasticsearch -
host.hostname -
Hostname of the host.
It normally contains what the
hostnamecommand returns on the host machine.type: keyword
required: True, if you want to use the machine learning features.
ECS field: True
example:
Elastic.local -
host.os.name -
Operating system name, without the version.
Multi-fields:
-
os.name.text (type: text)
type: keyword
required: True
ECS field: True
example:
Mac OS X
-
-
host.os.kernel -
Operating system kernel version as a raw string.
type: keyword
required: True
ECS field: True
example:
4.4.0-112-generic