Cloud Fields

Fields related to the cloud or infrastructure the events are coming from.

Cloud Field Details

Field Description Level

cloud.account.id

The cloud account or organization ID used to identify different entities in a multi-tenant environment.

Examples: AWS account ID, Google Cloud ORG ID, or other unique identifier.

type: keyword

example: 666777888999

extended

cloud.account.name

The cloud account name or alias used to identify different entities in a multi-tenant environment.

Examples: AWS account name, Google Cloud ORG display name.

type: keyword

example: elastic-dev

extended

cloud.availability_zone

Availability zone in which this host, resource, or service is located.

type: keyword

example: us-east-1c

extended

cloud.instance.id

Instance ID of the host machine.

type: keyword

example: i-1234567890abcdef0

extended

cloud.instance.name

Instance name of the host machine.

type: keyword

extended

cloud.machine.type

Machine type of the host machine.

type: keyword

example: t2.medium

extended

cloud.project.id

The cloud project identifier.

Examples: Google Cloud Project ID, Azure Project ID.

type: keyword

example: my-project

extended

cloud.project.name

The cloud project name.

Examples: Google Cloud Project name, Azure Project name.

type: keyword

example: my project

extended

cloud.provider

Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.

type: keyword

example: aws

extended

cloud.region

Region in which this host, resource, or service is located.

type: keyword

example: us-east-1

extended

cloud.service.name

The cloud service name distinguishes services running on different platforms within a provider, e.g. AWS EC2 vs Lambda, GCP GCE vs App Engine, Azure VM vs App Server.

Examples: app engine, app service, cloud run, fargate, lambda.

type: keyword

example: lambda

extended

Field Reuse

The cloud fields are expected to be nested at:

  • cloud.origin
  • cloud.target

Note also that the cloud fields may be used directly at the root of the events.

Field sets that can be nested under Cloud

Location Field Set Description

cloud.origin.*

cloud

[beta] Reusing the cloud fields in this location is currently considered beta.

Provides the cloud information of the origin entity in case of an incoming request or event.

cloud.target.*

cloud

[beta] Reusing the cloud fields in this location is currently considered beta.

Provides the cloud information of the target entity in case of an outgoing request or event.
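
A check for the reuse rule above, as an added example that is not part of the ECS documentation: it accepts the cloud fields directly under cloud and nested under cloud.origin and cloud.target, and flags anything else. The function names, the sample event and the requirement that keyword values arrive as strings are assumptions of this example.

```python
# Field names from the table on this page; every one is type keyword.
CLOUD_FIELDS = {
    "account.id", "account.name", "availability_zone", "instance.id",
    "instance.name", "machine.type", "project.id", "project.name",
    "provider", "region", "service.name",
}
REUSE_LOCATIONS = ("origin", "target")  # cloud.origin.* and cloud.target.*

# Constructed sample event (not from the page).
SAMPLE_EVENT = {
    "cloud": {
        "provider": "aws",
        "region": "us-east-1",
        "account": {"id": 666777888999},  # emitted as a number, not a string
        "origin": {"provider": "gcp", "project": {"id": "my-project"}},
        "target": {"service": {"name": "lambda"}, "zone": "us-east-1c"},
    }
}


def flatten(obj, prefix=""):
    """Yield (dotted_path, value) for every leaf; handles nested and dotted keys."""
    for key, value in obj.items():
        path = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            yield from flatten(value, path)
        else:
            yield path, value


def check_cloud_fields(event):
    """Return a sorted list of problems in the event's cloud.* fields."""
    problems = []
    for path, value in flatten(event):
        if not path.startswith("cloud."):
            continue
        rel = path[len("cloud."):]
        # Strip one reuse location so cloud.origin.region is checked as region.
        head, _, rest = rel.partition(".")
        name = rest if head in REUSE_LOCATIONS else rel
        if name not in CLOUD_FIELDS:
            problems.append(f"{path}: not a cloud field")
        elif not isinstance(value, str):
            # Assumption of this example: keyword values are sent as strings.
            problems.append(f"{path}: expected a string, got {type(value).__name__}")
    return sorted(problems)


if __name__ == "__main__":
    for problem in check_cloud_fields(SAMPLE_EVENT):
        print(problem)
```

The string check matters for identifiers such as 12-digit AWS account IDs, which can begin with a zero that is lost when a shipper serializes them as JSON numbers.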

Cloud Field Usage

For usage and examples of the cloud fields, please see the Cloud Fields Usage and Examples section.