
Commit 3a4981f

refactor schema reader to use intermediate schema structure
1 parent 01c5e31 commit 3a4981f

5 files changed

+462
-419
lines changed

generated/csv/fields.csv

Lines changed: 20 additions & 20 deletions
@@ -14,7 +14,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Example,Description
1414
1.5.0-dev,true,client,client.address,keyword,extended,,Client network address.
1515
1.5.0-dev,true,client,client.as.number,long,extended,15169,Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet.
1616
1.5.0-dev,true,client,client.as.organization.name,keyword,extended,Google LLC,Organization name.
17-
1.5.0-dev,true,client,as.organization.name.text,text,extended,Google LLC,Organization name.
17+
1.5.0-dev,true,client,client.as.organization.name.text,text,extended,Google LLC,Organization name.
1818
1.5.0-dev,true,client,client.bytes,long,core,184,Bytes sent from the client to the server.
1919
1.5.0-dev,true,client,client.domain,keyword,core,,Client domain.
2020
1.5.0-dev,true,client,client.geo.city_name,keyword,core,Montreal,City name.
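Review bot: The corrected row at line 17 (`client.as.organization.name.text`) changes generated output, while the commit message describes the change only as a refactor of the schema reader. Anything that keys on the Field column of fields.csv will see `as.organization.name.text` disappear and a new name appear, so the commit message or a changelog entry should state that multi-field names for field sets nested under another field set are now fully qualified.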
@@ -36,14 +36,14 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Example,Description
3636
1.5.0-dev,true,client,client.user.domain,keyword,extended,,Name of the directory the user is a member of.
3737
1.5.0-dev,true,client,client.user.email,keyword,extended,,User email address.
3838
1.5.0-dev,true,client,client.user.full_name,keyword,extended,Albert Einstein,"User's full name, if available."
39-
1.5.0-dev,true,client,user.full_name.text,text,extended,Albert Einstein,"User's full name, if available."
39+
1.5.0-dev,true,client,client.user.full_name.text,text,extended,Albert Einstein,"User's full name, if available."
4040
1.5.0-dev,true,client,client.user.group.domain,keyword,extended,,Name of the directory the group is a member of.
4141
1.5.0-dev,true,client,client.user.group.id,keyword,extended,,Unique identifier for the group on the system/platform.
4242
1.5.0-dev,true,client,client.user.group.name,keyword,extended,,Name of the group.
4343
1.5.0-dev,true,client,client.user.hash,keyword,extended,,Unique user hash to correlate information for a user in anonymized form.
4444
1.5.0-dev,true,client,client.user.id,keyword,core,,One or multiple unique identifiers of the user.
4545
1.5.0-dev,true,client,client.user.name,keyword,core,albert,Short name or login of the user.
46-
1.5.0-dev,true,client,user.name.text,text,core,albert,Short name or login of the user.
46+
1.5.0-dev,true,client,client.user.name.text,text,core,albert,Short name or login of the user.
4747
1.5.0-dev,true,cloud,cloud.account.id,keyword,extended,666777888999,The cloud account or organization id.
4848
1.5.0-dev,true,cloud,cloud.availability_zone,keyword,extended,us-east-1c,Availability zone in which this host is running.
4949
1.5.0-dev,true,cloud,cloud.instance.id,keyword,extended,i-1234567890abcdef0,Instance ID of the host machine.
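Review bot: The two removed rows at lines 39 and 46 (`user.full_name.text`, `user.name.text`) carry the same Field value as the rows removed under `destination`, `host`, `server` and `source` further down, so before this change the Field column was not a unique key. Consider adding a check to the generator's tests that every Field value in fields.csv is unique and that each `.text` row's name is its parent row's name plus `.text`, so this cannot regress silently.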
@@ -60,7 +60,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Example,Description
6060
1.5.0-dev,true,destination,destination.address,keyword,extended,,Destination network address.
6161
1.5.0-dev,true,destination,destination.as.number,long,extended,15169,Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet.
6262
1.5.0-dev,true,destination,destination.as.organization.name,keyword,extended,Google LLC,Organization name.
63-
1.5.0-dev,true,destination,as.organization.name.text,text,extended,Google LLC,Organization name.
63+
1.5.0-dev,true,destination,destination.as.organization.name.text,text,extended,Google LLC,Organization name.
6464
1.5.0-dev,true,destination,destination.bytes,long,core,184,Bytes sent from the destination to the source.
6565
1.5.0-dev,true,destination,destination.domain,keyword,core,,Destination domain.
6666
1.5.0-dev,true,destination,destination.geo.city_name,keyword,core,Montreal,City name.
@@ -82,14 +82,14 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Example,Description
8282
1.5.0-dev,true,destination,destination.user.domain,keyword,extended,,Name of the directory the user is a member of.
8383
1.5.0-dev,true,destination,destination.user.email,keyword,extended,,User email address.
8484
1.5.0-dev,true,destination,destination.user.full_name,keyword,extended,Albert Einstein,"User's full name, if available."
85-
1.5.0-dev,true,destination,user.full_name.text,text,extended,Albert Einstein,"User's full name, if available."
85+
1.5.0-dev,true,destination,destination.user.full_name.text,text,extended,Albert Einstein,"User's full name, if available."
8686
1.5.0-dev,true,destination,destination.user.group.domain,keyword,extended,,Name of the directory the group is a member of.
8787
1.5.0-dev,true,destination,destination.user.group.id,keyword,extended,,Unique identifier for the group on the system/platform.
8888
1.5.0-dev,true,destination,destination.user.group.name,keyword,extended,,Name of the group.
8989
1.5.0-dev,true,destination,destination.user.hash,keyword,extended,,Unique user hash to correlate information for a user in anonymized form.
9090
1.5.0-dev,true,destination,destination.user.id,keyword,core,,One or multiple unique identifiers of the user.
9191
1.5.0-dev,true,destination,destination.user.name,keyword,core,albert,Short name or login of the user.
92-
1.5.0-dev,true,destination,user.name.text,text,core,albert,Short name or login of the user.
92+
1.5.0-dev,true,destination,destination.user.name.text,text,core,albert,Short name or login of the user.
9393
1.5.0-dev,true,dns,dns.answers,object,extended,,Array of DNS answers.
9494
1.5.0-dev,true,dns,dns.answers.class,keyword,extended,IN,The class of DNS data contained in this resource record.
9595
1.5.0-dev,true,dns,dns.answers.data,keyword,extended,10.10.10.10,The data describing the resource.
@@ -195,25 +195,25 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Example,Description
195195
1.5.0-dev,true,host,host.name,keyword,core,,Name of the host.
196196
1.5.0-dev,true,host,host.os.family,keyword,extended,debian,"OS family (such as redhat, debian, freebsd, windows)."
197197
1.5.0-dev,true,host,host.os.full,keyword,extended,Mac OS Mojave,"Operating system name, including the version or code name."
198-
1.5.0-dev,true,host,os.full.text,text,extended,Mac OS Mojave,"Operating system name, including the version or code name."
198+
1.5.0-dev,true,host,host.os.full.text,text,extended,Mac OS Mojave,"Operating system name, including the version or code name."
199199
1.5.0-dev,true,host,host.os.kernel,keyword,extended,4.4.0-112-generic,Operating system kernel version as a raw string.
200200
1.5.0-dev,true,host,host.os.name,keyword,extended,Mac OS X,"Operating system name, without the version."
201-
1.5.0-dev,true,host,os.name.text,text,extended,Mac OS X,"Operating system name, without the version."
201+
1.5.0-dev,true,host,host.os.name.text,text,extended,Mac OS X,"Operating system name, without the version."
202202
1.5.0-dev,true,host,host.os.platform,keyword,extended,darwin,"Operating system platform (such centos, ubuntu, windows)."
203203
1.5.0-dev,true,host,host.os.version,keyword,extended,10.14.1,Operating system version as a raw string.
204204
1.5.0-dev,true,host,host.type,keyword,core,,Type of host.
205205
1.5.0-dev,true,host,host.uptime,long,extended,1325,Seconds the host has been up.
206206
1.5.0-dev,true,host,host.user.domain,keyword,extended,,Name of the directory the user is a member of.
207207
1.5.0-dev,true,host,host.user.email,keyword,extended,,User email address.
208208
1.5.0-dev,true,host,host.user.full_name,keyword,extended,Albert Einstein,"User's full name, if available."
209-
1.5.0-dev,true,host,user.full_name.text,text,extended,Albert Einstein,"User's full name, if available."
209+
1.5.0-dev,true,host,host.user.full_name.text,text,extended,Albert Einstein,"User's full name, if available."
210210
1.5.0-dev,true,host,host.user.group.domain,keyword,extended,,Name of the directory the group is a member of.
211211
1.5.0-dev,true,host,host.user.group.id,keyword,extended,,Unique identifier for the group on the system/platform.
212212
1.5.0-dev,true,host,host.user.group.name,keyword,extended,,Name of the group.
213213
1.5.0-dev,true,host,host.user.hash,keyword,extended,,Unique user hash to correlate information for a user in anonymized form.
214214
1.5.0-dev,true,host,host.user.id,keyword,core,,One or multiple unique identifiers of the user.
215215
1.5.0-dev,true,host,host.user.name,keyword,core,albert,Short name or login of the user.
216-
1.5.0-dev,true,host,user.name.text,text,core,albert,Short name or login of the user.
216+
1.5.0-dev,true,host,host.user.name.text,text,core,albert,Short name or login of the user.
217217
1.5.0-dev,true,http,http.request.body.bytes,long,extended,887,Size in bytes of the request body.
218218
1.5.0-dev,true,http,http.request.body.content,keyword,extended,Hello world,The full HTTP request body.
219219
1.5.0-dev,true,http,http.request.body.content.text,text,extended,Hello world,The full HTTP request body.
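Review bot: The unchanged context row at line 219, `http.request.body.content.text`, was already fully qualified, while the four rows changed above it (`os.full.text`, `os.name.text`, `user.full_name.text`, `user.name.text`) were not. That points to the defect being limited to multi-fields reached through a field set nested under `host`; a test for the reader should cover both a multi-field defined directly on a field set and one reached through nesting.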
@@ -263,10 +263,10 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Example,Description
263263
1.5.0-dev,true,observer,observer.name,keyword,extended,1_proxySG,Custom name of the observer.
264264
1.5.0-dev,true,observer,observer.os.family,keyword,extended,debian,"OS family (such as redhat, debian, freebsd, windows)."
265265
1.5.0-dev,true,observer,observer.os.full,keyword,extended,Mac OS Mojave,"Operating system name, including the version or code name."
266-
1.5.0-dev,true,observer,os.full.text,text,extended,Mac OS Mojave,"Operating system name, including the version or code name."
266+
1.5.0-dev,true,observer,observer.os.full.text,text,extended,Mac OS Mojave,"Operating system name, including the version or code name."
267267
1.5.0-dev,true,observer,observer.os.kernel,keyword,extended,4.4.0-112-generic,Operating system kernel version as a raw string.
268268
1.5.0-dev,true,observer,observer.os.name,keyword,extended,Mac OS X,"Operating system name, without the version."
269-
1.5.0-dev,true,observer,os.name.text,text,extended,Mac OS X,"Operating system name, without the version."
269+
1.5.0-dev,true,observer,observer.os.name.text,text,extended,Mac OS X,"Operating system name, without the version."
270270
1.5.0-dev,true,observer,observer.os.platform,keyword,extended,darwin,"Operating system platform (such centos, ubuntu, windows)."
271271
1.5.0-dev,true,observer,observer.os.version,keyword,extended,10.14.1,Operating system version as a raw string.
272272
1.5.0-dev,true,observer,observer.product,keyword,extended,s200,The product name of the observer.
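Review bot: Style point on the unchanged context row at line 270: the description reads "Operating system platform (such centos, ubuntu, windows)." and is missing "as" after "such". The same text appears for `host.os.platform` and `user_agent.os.platform`, so it should be fixed once in the schema source that this file is generated from, not in the CSV.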
@@ -362,7 +362,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Example,Description
362362
1.5.0-dev,true,server,server.address,keyword,extended,,Server network address.
363363
1.5.0-dev,true,server,server.as.number,long,extended,15169,Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet.
364364
1.5.0-dev,true,server,server.as.organization.name,keyword,extended,Google LLC,Organization name.
365-
1.5.0-dev,true,server,as.organization.name.text,text,extended,Google LLC,Organization name.
365+
1.5.0-dev,true,server,server.as.organization.name.text,text,extended,Google LLC,Organization name.
366366
1.5.0-dev,true,server,server.bytes,long,core,184,Bytes sent from the server to the client.
367367
1.5.0-dev,true,server,server.domain,keyword,core,,Server domain.
368368
1.5.0-dev,true,server,server.geo.city_name,keyword,core,Montreal,City name.
@@ -384,14 +384,14 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Example,Description
384384
1.5.0-dev,true,server,server.user.domain,keyword,extended,,Name of the directory the user is a member of.
385385
1.5.0-dev,true,server,server.user.email,keyword,extended,,User email address.
386386
1.5.0-dev,true,server,server.user.full_name,keyword,extended,Albert Einstein,"User's full name, if available."
387-
1.5.0-dev,true,server,user.full_name.text,text,extended,Albert Einstein,"User's full name, if available."
387+
1.5.0-dev,true,server,server.user.full_name.text,text,extended,Albert Einstein,"User's full name, if available."
388388
1.5.0-dev,true,server,server.user.group.domain,keyword,extended,,Name of the directory the group is a member of.
389389
1.5.0-dev,true,server,server.user.group.id,keyword,extended,,Unique identifier for the group on the system/platform.
390390
1.5.0-dev,true,server,server.user.group.name,keyword,extended,,Name of the group.
391391
1.5.0-dev,true,server,server.user.hash,keyword,extended,,Unique user hash to correlate information for a user in anonymized form.
392392
1.5.0-dev,true,server,server.user.id,keyword,core,,One or multiple unique identifiers of the user.
393393
1.5.0-dev,true,server,server.user.name,keyword,core,albert,Short name or login of the user.
394-
1.5.0-dev,true,server,user.name.text,text,core,albert,Short name or login of the user.
394+
1.5.0-dev,true,server,server.user.name.text,text,core,albert,Short name or login of the user.
395395
1.5.0-dev,true,service,service.ephemeral_id,keyword,extended,8a4f500f,Ephemeral identifier of this service.
396396
1.5.0-dev,true,service,service.id,keyword,core,d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6,Unique identifier of the running service.
397397
1.5.0-dev,true,service,service.name,keyword,core,elasticsearch-metrics,Name of the service.
@@ -402,7 +402,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Example,Description
402402
1.5.0-dev,true,source,source.address,keyword,extended,,Source network address.
403403
1.5.0-dev,true,source,source.as.number,long,extended,15169,Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet.
404404
1.5.0-dev,true,source,source.as.organization.name,keyword,extended,Google LLC,Organization name.
405-
1.5.0-dev,true,source,as.organization.name.text,text,extended,Google LLC,Organization name.
405+
1.5.0-dev,true,source,source.as.organization.name.text,text,extended,Google LLC,Organization name.
406406
1.5.0-dev,true,source,source.bytes,long,core,184,Bytes sent from the source to the destination.
407407
1.5.0-dev,true,source,source.domain,keyword,core,,Source domain.
408408
1.5.0-dev,true,source,source.geo.city_name,keyword,core,Montreal,City name.
@@ -424,14 +424,14 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Example,Description
424424
1.5.0-dev,true,source,source.user.domain,keyword,extended,,Name of the directory the user is a member of.
425425
1.5.0-dev,true,source,source.user.email,keyword,extended,,User email address.
426426
1.5.0-dev,true,source,source.user.full_name,keyword,extended,Albert Einstein,"User's full name, if available."
427-
1.5.0-dev,true,source,user.full_name.text,text,extended,Albert Einstein,"User's full name, if available."
427+
1.5.0-dev,true,source,source.user.full_name.text,text,extended,Albert Einstein,"User's full name, if available."
428428
1.5.0-dev,true,source,source.user.group.domain,keyword,extended,,Name of the directory the group is a member of.
429429
1.5.0-dev,true,source,source.user.group.id,keyword,extended,,Unique identifier for the group on the system/platform.
430430
1.5.0-dev,true,source,source.user.group.name,keyword,extended,,Name of the group.
431431
1.5.0-dev,true,source,source.user.hash,keyword,extended,,Unique user hash to correlate information for a user in anonymized form.
432432
1.5.0-dev,true,source,source.user.id,keyword,core,,One or multiple unique identifiers of the user.
433433
1.5.0-dev,true,source,source.user.name,keyword,core,albert,Short name or login of the user.
434-
1.5.0-dev,true,source,user.name.text,text,core,albert,Short name or login of the user.
434+
1.5.0-dev,true,source,source.user.name.text,text,core,albert,Short name or login of the user.
435435
1.5.0-dev,true,threat,threat.framework,keyword,extended,MITRE ATT&CK,Threat classification framework.
436436
1.5.0-dev,true,threat,threat.tactic.id,keyword,extended,TA0040,Threat tactic id.
437437
1.5.0-dev,true,threat,threat.tactic.name,keyword,extended,impact,Threat tactic.
@@ -503,10 +503,10 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Example,Description
503503
1.5.0-dev,true,user_agent,user_agent.original.text,text,extended,"Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1",Unparsed user_agent string.
504504
1.5.0-dev,true,user_agent,user_agent.os.family,keyword,extended,debian,"OS family (such as redhat, debian, freebsd, windows)."
505505
1.5.0-dev,true,user_agent,user_agent.os.full,keyword,extended,Mac OS Mojave,"Operating system name, including the version or code name."
506-
1.5.0-dev,true,user_agent,os.full.text,text,extended,Mac OS Mojave,"Operating system name, including the version or code name."
506+
1.5.0-dev,true,user_agent,user_agent.os.full.text,text,extended,Mac OS Mojave,"Operating system name, including the version or code name."
507507
1.5.0-dev,true,user_agent,user_agent.os.kernel,keyword,extended,4.4.0-112-generic,Operating system kernel version as a raw string.
508508
1.5.0-dev,true,user_agent,user_agent.os.name,keyword,extended,Mac OS X,"Operating system name, without the version."
509-
1.5.0-dev,true,user_agent,os.name.text,text,extended,Mac OS X,"Operating system name, without the version."
509+
1.5.0-dev,true,user_agent,user_agent.os.name.text,text,extended,Mac OS X,"Operating system name, without the version."
510510
1.5.0-dev,true,user_agent,user_agent.os.platform,keyword,extended,darwin,"Operating system platform (such centos, ubuntu, windows)."
511511
1.5.0-dev,true,user_agent,user_agent.os.version,keyword,extended,10.14.1,Operating system version as a raw string.
512512
1.5.0-dev,true,user_agent,user_agent.version,keyword,extended,12.0,Version of the user agent.
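Review bot: The renamed rows at lines 506 and 509 (`user_agent.os.full.text`, `user_agent.os.name.text`) close out the changes to this generated file, but the commit reports 5 files changed. Please confirm that the other generated artifacts built from the same schema carry the same fully qualified multi-field names, so that consumers of different outputs do not disagree on field names.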
