ecs_types 0.2.0

Rust types mapping to the elasticsearch common schema
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154

# Licensed to Elasticsearch B.V. under one or more contributor
# license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright
# ownership. Elasticsearch B.V. licenses this file to you under
# the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# 	http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied.  See the License for the
# specific language governing permissions and limitations
# under the License.
---
- name: http
  title: HTTP
  group: 2
  short: Fields describing an HTTP request.
  description: >
    Fields related to HTTP activity. Use the `url` field set to store the url of the request.
  type: group
  fields:

    - name: request.id
      level: extended
      type: keyword
      short: HTTP request ID.
      description: >
        A unique identifier for each HTTP request to correlate logs between clients
        and servers in transactions.

        The id may be contained in a non-standard HTTP header, such as `X-Request-ID`
        or `X-Correlation-ID`.

      example: 123e4567-e89b-12d3-a456-426614174000

    - name: request.method
      level: extended
      type: keyword
      short: HTTP request method.
      description: >
        HTTP request method.

        The value should retain its casing from the original event.
        For example, `GET`, `get`, and `GeT` are all considered valid values
        for this field.

      example: POST

    - name: request.mime_type
      level: extended
      type: keyword
      short: Mime type of the body of the request.
      description: >
       Mime type of the body of the request.

       This value must only be populated based on the content of the request
       body, not on the `Content-Type` header. Comparing the mime type of a
       request with the request's Content-Type header can be helpful in detecting
       threats or misconfigured clients.

      example: image/gif

    - name: request.body.content
      level: extended
      type: wildcard
      description: >
        The full HTTP request body.
      example: Hello world
      multi_fields:
        - type: match_only_text
          name: text

    - name: request.referrer
      level: extended
      type: keyword
      description: >
        Referrer for this HTTP request.
      example: https://blog.example.com/

    - name: response.status_code
      format: string
      level: extended
      type: long
      description: >
        HTTP response status code.
      example: 404

    - name: response.mime_type
      level: extended
      type: keyword
      short: Mime type of the body of the response.
      description: >
       Mime type of the body of the response.

       This value must only be populated based on the content of the response
       body, not on the `Content-Type` header. Comparing the mime type of a
       response with the response's Content-Type header can be helpful in detecting
       misconfigured servers.

      example: image/gif

    - name: response.body.content
      level: extended
      type: wildcard
      description: >
        The full HTTP response body.
      example: Hello world
      multi_fields:
        - type: match_only_text
          name: text

    - name: version
      level: extended
      type: keyword
      description: >
        HTTP version.
      example: 1.1

    # Metrics
    - name: request.bytes
      level: extended
      type: long
      format: bytes
      description: >
        Total size in bytes of the request (body and headers).
      example: 1437

    - name: request.body.bytes
      level: extended
      type: long
      format: bytes
      description: >
        Size in bytes of the request body.
      example: 887

    - name: response.bytes
      level: extended
      type: long
      format: bytes
      description: >
        Total size in bytes of the response (body and headers).
      example: 1437

    - name: response.body.bytes
      level: extended
      type: long
      format: bytes
      description: >
        Size in bytes of the response body.
      example: 887