New

The executive guide to generative AI

Read more

Orchestrator Fields

edit

Fields that describe the resources which container orchestrators manage or act upon.

Orchestrator Field Details

edit
Field Description Level

orchestrator.api_version

API version being used to carry out the action

type: keyword

example: v1beta1

extended

orchestrator.cluster.id

Unique ID of the cluster.

type: keyword

extended

orchestrator.cluster.name

Name of the cluster.

type: keyword

extended

orchestrator.cluster.url

URL of the API used to manage the cluster.

type: keyword

extended

orchestrator.cluster.version

The version of the cluster.

type: keyword

extended

orchestrator.namespace

Namespace in which the action is taking place.

type: keyword

example: kube-system

extended

orchestrator.organization

Organization affected by the event (for multi-tenant orchestrator setups).

type: keyword

example: elastic

extended

orchestrator.resource.id

Unique ID of the resource being acted upon.

type: keyword

extended

orchestrator.resource.ip

IP address assigned to the resource associated with the event being observed. In the case of a Kubernetes Pod, this array would contain only one element: the IP of the Pod (as opposed to the Node on which the Pod is running).

type: ip

Note: this field should contain an array of values.

extended

orchestrator.resource.name

Name of the resource being acted upon.

type: keyword

example: test-pod-cdcws

extended

orchestrator.resource.parent.type

Type or kind of the parent resource associated with the event being observed. In Kubernetes, this will be the name of a built-in workload resource (e.g., Deployment, StatefulSet, DaemonSet).

type: keyword

example: DaemonSet

extended

orchestrator.resource.type

Type of resource being acted upon.

type: keyword

example: service

extended

orchestrator.type

Orchestrator cluster type (e.g. kubernetes, nomad or cloudfoundry).

type: keyword

example: kubernetes

extended

Was this helpful?
Feedback