Additional grouping fields

Depending on which entity you select in the Inventory view, you can map these additional fields and use them to group entities.

cloud.availability_zone

Availability zone in which this host is running.

type: keyword

required: True

ECS field: True

example: us-east-1c

cloud.machine.type

Machine type of the host machine.

type: keyword

required: True

ECS field: True

example: t2.medium

cloud.region

Region in which this host is running.

type: keyword

required: True

ECS field: True

example: us-east-1

cloud.instance.id

Instance ID of the host machine.

type: keyword

required: True

ECS field: True

example: i-1234567890abcdef0

cloud.provider

Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.

type: keyword

required: True

ECS field: True

example: aws

cloud.instance.name

Instance name of the host machine.

type: keyword

required: True

ECS field: True

cloud.project.id

Name of the project in Google Cloud.

type: keyword

required: True

ECS field: False

service.type

The type of the service data is collected from.

The type can be used to group and correlate logs and metrics from one service type.

Example: If metrics are collected from Elasticsearch, service.type would be elasticsearch.

type: keyword

required: True

ECS field: False

example: elasticsearch

host.hostname

Hostname of the host.

It normally contains what the hostname command returns on the host machine.

type: keyword

required: True, if you want to use the machine learning features.

ECS field: True

example: Elastic.local

host.os.name

Operating system name, without the version.

Multi-fields:

  • os.name.text (type: text)

type: keyword

required: True

ECS field: True

example: Mac OS X

host.os.kernel

Operating system kernel version as a raw string.

type: keyword

required: True

ECS field: True

example: 4.4.0-112-generic