Additional grouping fieldsedit
Depending on which entity you select in the Inventory view, these additional fields can be mapped to group entities by.
-
cloud.availability_zone
-
Availability zone in which this host is running.
type: keyword
required: True
ECS field: True
example:
us-east-1c
-
cloud.machine.type
-
Machine type of the host machine.
type: keyword
required: True
ECS field: True
example:
t2.medium
-
cloud.region
-
Region in which this host is running.
type: keyword
required: True
ECS field: True
example:
us-east-1
-
cloud.instance.id
-
Instance ID of the host machine.
type: keyword
required: True
ECS field: True
example:
i-1234567890abcdef0
-
cloud.provider
-
Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
type: keyword
required: True
ECS field: True
example:
aws
-
cloud.instance.name
-
Instance name of the host machine.
type: keyword
required: True
ECS field: True
-
cloud.project.id
-
Name of the project in Google Cloud.
type: keyword
required: True
ECS field: False
-
service.type
-
The type of the service data is collected from.
The type can be used to group and correlate logs and metrics from one service type.
Example: If metrics are collected from Elasticsearch, service.type would be elasticsearch.
type: keyword
required: True
ECS field: False
example:
elasticsearch
-
host.hostname
-
Hostname of the host.
It normally contains what the
hostname
command returns on the host machine.type: keyword
required: True, if you want to use the machine learning features.
ECS field: True
example:
Elastic.local
-
host.os.name
-
Operating system name, without the version.
Multi-fields:
-
os.name.text (type: text)
type: keyword
required: True
ECS field: True
example:
Mac OS X
-
-
host.os.kernel
-
Operating system kernel version as a raw string.
type: keyword
required: True
ECS field: True
example:
4.4.0-112-generic