Skip to content

[Docs] Converting a Custom Implementation Update #1129

New issue
Jump to bottom
New issue
Jump to bottom
Closed
#1146
Closed
[Docs] Converting a Custom Implementation Update#1129
#1146
Labels
readyIssues we'd like to address in the future.
@jamiehynds

Description

@jamiehynds
jamiehynds
opened on Nov 17, 2020

The 'converting a custom implementation update' doc uses 'event.type: syslog' as an example, which isn't an allowed value.

We should use an allowed value in our example and take this page a step further by walking though mapping a sample log to both extended and core ECS fields.

Metadata

Assignees

No one assigned

    Labels

    readyIssues we'd like to address in the future.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions