Group Fields

The group fields are meant to represent groups that are relevant to the event.

Group Field Details

Field           Description                                               Level
-------------   -------------------------------------------------------   --------
group.domain    Name of the directory the group is a member of.           extended
                For example, an LDAP or Active Directory domain name.
                type: keyword

group.id        Unique identifier for the group on the system/platform.   extended
                type: keyword

group.name      Name of the group.                                        extended
                type: keyword

Field Reuse

The group fields are expected to be nested at:

  • process.attested_groups
  • process.group
  • process.real_group
  • process.saved_group
  • process.supplemental_groups
  • user.group

Note also that the group fields may be used directly at the root of an event (as group.domain, group.id and group.name).
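The following is an added example, not part of the ECS documentation or the ECS project's own tooling. It shows what the group fields look like once nested at the locations listed above, and it checks an event against the field definitions the page gives: only the three fields group.domain, group.id and group.name are allowed inside a group object, and each must be a string, since all three are keyword fields. The sample events are constructed for the example, and the validator accepts either a single group object or an array of group objects at every reuse location (that arrays appear at some locations is an assumption of this example, not something the page states). A second helper collects every group.name in the event, which is the kind of lookup a detection rule on group membership would need.

```python
"""Validate and query ECS group fields in an event document.

Added example; not code from the ECS documentation or project.
"""
from typing import Any

# Field definitions from the page: all three group fields are type keyword,
# which in an event document means a string value.
GROUP_FIELDS = {"domain", "id", "name"}

# Reuse locations listed on the page, plus the event root ("group").
GROUP_REUSE_PATHS = (
    "group",
    "process.attested_groups",
    "process.group",
    "process.real_group",
    "process.saved_group",
    "process.supplemental_groups",
    "user.group",
)


def _lookup(event: dict, path: str) -> Any:
    """Return the value at a dotted path in a nested dict, or None when absent."""
    node: Any = event
    for part in path.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def _check_group(obj: Any, where: str) -> list[str]:
    """Check one group object: known keys only, every value a string (keyword)."""
    if not isinstance(obj, dict):
        return [f"{where}: expected a group object, got {type(obj).__name__}"]
    problems = []
    for key, value in obj.items():
        if key not in GROUP_FIELDS:
            problems.append(f"{where}.{key}: not a group field")
        elif not isinstance(value, str):
            problems.append(f"{where}.{key}: keyword field must be a string")
    return problems


def _group_objects(event: dict):
    """Yield (path, group_object) for every reuse location present in the event.

    Assumption of this example: a location may hold one object or an array of objects.
    """
    for path in GROUP_REUSE_PATHS:
        value = _lookup(event, path)
        if value is None:
            continue
        if isinstance(value, list):
            for index, item in enumerate(value):
                yield f"{path}[{index}]", item
        else:
            yield path, value


def validate_group_fields(event: dict) -> list[str]:
    """Return a list of problems; an empty list means every group object conforms."""
    problems: list[str] = []
    for where, obj in _group_objects(event):
        problems.extend(_check_group(obj, where))
    return problems


def collect_group_names(event: dict) -> list[str]:
    """Return the sorted, de-duplicated set of group.name values anywhere in the event."""
    names = set()
    for _, obj in _group_objects(event):
        if isinstance(obj, dict) and isinstance(obj.get("name"), str):
            names.add(obj["name"])
    return sorted(names)


# Constructed sample: a sudo invocation, with group fields at the root, under
# user.group, and at several process.* locations.
SAMPLE_EVENT = {
    "group": {"domain": "CORP", "id": "1000", "name": "developers"},
    "user": {"name": "alice", "group": {"id": "1000", "name": "developers"}},
    "process": {
        "name": "sudo",
        "group": {"id": "0", "name": "root"},
        "real_group": {"id": "1000", "name": "developers"},
        "supplemental_groups": [
            {"id": "27", "name": "sudo"},
            {"id": "4", "name": "adm"},
        ],
    },
}

# Constructed sample with two defects: a numeric id and an unknown key "gid".
BAD_EVENT = {"process": {"group": {"id": 0, "name": "root", "gid": "0"}}}


if __name__ == "__main__":
    print("sample problems:", validate_group_fields(SAMPLE_EVENT))
    print("bad problems:", validate_group_fields(BAD_EVENT))
    print("group names:", collect_group_names(SAMPLE_EVENT))
```

Running the module reports no problems for the sample event, two problems for the bad event (the non-string id and the unknown key), and the names adm, developers, root and sudo. Keeping ids as strings matters in practice: a keyword field holding 0 and one holding "0" are indexed differently, so a rule matching on group.id would silently miss events that were ingested with the wrong type.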