Group Fields

The group fields are meant to represent groups that are relevant to the event.

Group Field Details

| Field | Description | Level |
|---|---|---|
| group.id | Unique identifier for the group on the system/platform. type: keyword | extended |
| group.name | Name of the group. type: keyword | extended |

Field Reuse

The group fields are expected to be nested at: user.group.

Note also that the group fields may be used directly at the top level.
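
The two placements described above, shown as an added example that is not part of the original page or of the ECS project's code. It maps `id` output to user.group.* and an /etc/group line to top-level group.*, emitting both fields as strings because they are type keyword. Assumptions: which placement suits which record is an illustrative choice not stated on this page, user.id and user.name belong to the ECS user field set, the function names are hypothetical, and the sample inputs are constructed.

```python
import re

# Constructed sample inputs (not from the original page).
ID_OUTPUT = "uid=1000(alice) gid=1000(alice) groups=1000(alice),27(sudo)"
ETC_GROUP_LINE = "sudo:x:27:alice,bob"

_ID_RE = re.compile(
    r"uid=(?P<uid>\d+)\((?P<user>[^)]*)\) gid=(?P<gid>\d+)\((?P<group>[^)]*)\)"
)


def group_fields(gid, name):
    """Build the group field set; both fields are keyword, so emit strings."""
    return {"id": str(gid), "name": str(name)}


def user_event_from_id(line):
    """A user's primary group: group fields nested at user.group."""
    m = _ID_RE.match(line)
    if m is None:
        raise ValueError("not id output: %r" % line)
    return {"user": {"id": m.group("uid"), "name": m.group("user"),
                     "group": group_fields(m.group("gid"), m.group("group"))}}


def group_event_from_etc_group(line):
    """A record about the group itself: group fields at the top level."""
    parts = line.strip().split(":")
    if len(parts) != 4 or not parts[2].isdigit():
        raise ValueError("not an /etc/group line: %r" % line)
    name, _password, gid, _members = parts
    return {"group": group_fields(gid, name)}


def flatten(doc, prefix=""):
    """Return dotted ECS field paths mapped to their values."""
    out = {}
    for key, value in doc.items():
        path = prefix + key
        if isinstance(value, dict):
            out.update(flatten(value, path + "."))
        else:
            out[path] = value
    return out


if __name__ == "__main__":
    print(flatten(user_event_from_id(ID_OUTPUT)))
    print(flatten(group_event_from_etc_group(ETC_GROUP_LINE)))
```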