1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
# Licensed to Elasticsearch B.V. under one or more contributor
# license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright
# ownership. Elasticsearch B.V. licenses this file to you under
# the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
---
- name: interface
title: Interface
group: 2
short: Fields to describe observer interface information.
description: >
The interface fields are used to record ingress and egress interface information when
reported by an observer (e.g. firewall, router, load balancer) in the context of the
observer handling a network connection. In the case of a single observer interface
(e.g. network sensor on a span port) only the observer.ingress information should be
populated.
reusable:
top_level: false
expected:
- observer.ingress
- observer.egress
type: group
fields:
- name: id
level: extended
type: keyword
short: Interface ID
example: 10
description: >
Interface ID as reported by an observer (typically SNMP interface ID).
- name: name
level: extended
type: keyword
short: Interface name
example: eth0
description: >
Interface name as reported by the system.
- name: alias
level: extended
type: keyword
short: Interface alias
example: outside
description: >
Interface alias as reported by the system, typically used in firewall implementations for e.g.
inside, outside, or dmz logical interface naming.