Base fieldsedit

The base field set contains all fields which are on the top level. These fields are common across all types of events.

@timestamp

Date/time when the event originated.

This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events.

type: date

required: True

ECS field: True

example: May 27, 2020 @ 15:22:27.982

message

For log events the message field contains the log message, optimized for viewing in a log viewer.

For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event.

If multiple messages exist, they can be combined into one message.

type: text

required: True

ECS field: True

example: Hello World