Group Fields | Elastic Common Schema (ECS) Reference [1.1]

IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.

› ›

« Geo Fields Hash Fields »

Group Fieldsedit

The group fields are meant to represent groups that are relevant to the event.

Group Field Detailsedit

Field	Description	Level
group.id	Unique identifier for the group on the system/platform. type: keyword	extended
group.name	Name of the group. type: keyword	extended

Field

Description

Level

group.id

Unique identifier for the group on the system/platform.

type: keyword

extended

group.name

Name of the group.

type: keyword

extended

Field Reuseedit

The group fields are expected to be nested at: user.group.

Note also that the group fields may be used directly at the top level.

« Geo Fields Hash Fields »