Operating System Fields

The OS fields contain information about the operating system.

Operating System Field Details

| Field | Description | Type | Example | Level |
|---|---|---|---|---|
| os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | debian | extended |
| os.full | Operating system name, including the version or code name. Multi-fields: os.full.text (type: text) | keyword | Mac OS Mojave | extended |
| os.kernel | Operating system kernel version as a raw string. | keyword | 4.4.0-112-generic | extended |
| os.name | Operating system name, without the version. Multi-fields: os.name.text (type: text) | keyword | Mac OS X | extended |
| os.platform | Operating system platform (such as centos, ubuntu, windows). | keyword | darwin | extended |
| os.version | Operating system version as a raw string. | keyword | 10.14.1 | extended |

Field Reuse

The os fields are expected to be nested at: host.os, observer.os, user_agent.os.

Note also that the os fields are not expected to be used directly at the root of an event.
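As an added example (not ECS project code), a small Python checker that applies the Field Reuse rule above together with the field definitions from the table: it flags os fields placed at the event root or under a parent other than host, observer or user_agent, sub-fields that are not part of the os field set, and non-string values for these keyword fields. The sample event is constructed for the demonstration.

```python
"""Check ECS os.* field placement in an event (added example, not ECS project code)."""
from typing import Any, Dict, List

OS_FIELDS = {"family", "full", "kernel", "name", "platform", "version"}  # all keyword type
OS_PARENTS = {"host", "observer", "user_agent"}  # where ECS expects os to be nested


def flatten(obj: Dict[str, Any], prefix: str = "") -> Dict[str, Any]:
    """Turn a nested event into dotted paths; keys already dotted are kept as-is."""
    flat: Dict[str, Any] = {}
    for key, value in obj.items():
        path = f"{prefix}{key}"
        if isinstance(value, dict):
            flat.update(flatten(value, path + "."))
        else:
            flat[path] = value
    return flat


def find_os_violations(event: Dict[str, Any]) -> List[str]:
    """One message per os.* usage that breaks the Field Reuse rule or the field set
    (root placement, wrong parent, unknown sub-field, non-string keyword value)."""
    problems: List[str] = []
    for path, value in flatten(event).items():
        parts = path.split(".")
        if "os" not in parts:
            continue
        idx = parts.index("os")
        if idx == 0:
            problems.append(f"{path}: os fields must not be used at the event root")
            continue
        parent, sub = ".".join(parts[:idx]), parts[idx + 1:]
        if parent not in OS_PARENTS:
            problems.append(f"{path}: os fields are not expected under '{parent}'")
        if len(sub) != 1 or sub[0] not in OS_FIELDS:
            problems.append(f"{path}: '{'.'.join(sub)}' is not a field of the os field set")
        elif not isinstance(value, str):
            problems.append(f"{path}: keyword field needs a string, got {type(value).__name__}")
    return problems


# Constructed sample event: valid host.os fields plus four distinct mistakes.
SAMPLE_EVENT = {
    "host": {"os": {"family": "debian", "kernel": "4.4.0-112-generic", "version": 10.14}},
    "observer": {"os": {"platform": "darwin", "codename": "Mojave"}},
    "os": {"name": "Mac OS X"},
    "process.os.name": "windows",
}
if __name__ == "__main__":
    print("\n".join(find_os_violations(SAMPLE_EVENT)))
```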