Orchestrator Fields

edit

Fields that describe the resources which container orchestrators manage or act upon.

Orchestrator Field Details

edit
Field Description Level

orchestrator.api_version

API version being used to carry out the action

type: keyword

example: v1beta1

extended

orchestrator.cluster.id

Unique ID of the cluster.

type: keyword

extended

orchestrator.cluster.name

Name of the cluster.

type: keyword

extended

orchestrator.cluster.url

URL of the API used to manage the cluster.

type: keyword

extended

orchestrator.cluster.version

The version of the cluster.

type: keyword

extended

orchestrator.namespace

Namespace in which the action is taking place.

type: keyword

example: kube-system

extended

orchestrator.organization

Organization affected by the event (for multi-tenant orchestrator setups).

type: keyword

example: elastic

extended

orchestrator.resource.id

Unique ID of the resource being acted upon.

type: keyword

extended

orchestrator.resource.ip

IP address assigned to the resource associated with the event being observed. In the case of a Kubernetes Pod, this array would contain only one element: the IP of the Pod (as opposed to the Node on which the Pod is running).

type: ip

Note: this field should contain an array of values.

extended

orchestrator.resource.name

Name of the resource being acted upon.

type: keyword

example: test-pod-cdcws

extended

orchestrator.resource.parent.type

Type or kind of the parent resource associated with the event being observed. In Kubernetes, this will be the name of a built-in workload resource (e.g., Deployment, StatefulSet, DaemonSet).

type: keyword

example: DaemonSet

extended

orchestrator.resource.type

Type of resource being acted upon.

type: keyword

example: service

extended

orchestrator.type

Orchestrator cluster type (e.g. kubernetes, nomad or cloudfoundry).

type: keyword

example: kubernetes

extended