Group Fields

The group fields are meant to represent groups that are relevant to the event.

Group Field Details

| Field | Description | Level |
| --- | --- | --- |
| group.domain | Name of the directory the group is a member of. For example, an LDAP or Active Directory domain name. type: keyword | extended |
| group.id | Unique identifier for the group on the system/platform. type: keyword | extended |
| group.name | Name of the group. type: keyword | extended |

Field Reuse

The group fields are expected to be nested at:

  • user.group

Note also that the group fields may be used directly at the root of the events.