diff --git a/CHANGELOG.md b/CHANGELOG.md
index 12bd9b1050..488c4b8d78 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -15,6 +15,7 @@ All notable changes to this project will be documented in this file based on the
of being a nesting of the field set. This goes against a driving principle of ECS,
and has been corrected. #308
* Replaced incorrect examples in `cloud.provider`. #330
+* Changed the `url.port` type to `long`. #339
### Added
diff --git a/README.md b/README.md
index 42112ba8b8..ebed75c8e6 100644
--- a/README.md
+++ b/README.md
@@ -519,7 +519,7 @@ URL fields provide support for complete or partial URLs, and supports the breaki
| url.full | If full URLs are important to your use case, they should be stored in `url.full`, whether this field is reconstructed or present in the event source. | extended | keyword | `https://www.elastic.co:443/search?q=elasticsearch#top` |
| url.scheme | Scheme of the request, such as "https".
Note: The `:` is not part of the scheme. | extended | keyword | `https` |
| url.domain | Domain of the url, such as "www.elastic.co".
In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field. | extended | keyword | `www.elastic.co` |
-| url.port | Port of the request, such as 443. | extended | integer | `443` |
+| url.port | Port of the request, such as 443. | extended | long | `443` |
| url.path | Path of the request, such as "/search". | extended | keyword | |
| url.query | The query field describes the query string of the request, such as "q=elasticsearch".
The `?` is excluded from the query string. If a URL contains no `?`, there is no query field. If there is a `?` but no query, the query field exists with an empty string. The `exists` query can be used to differentiate between the two cases. | extended | keyword | |
| url.fragment | Portion of the url after the `#`, such as "top".
The `#` is not part of the fragment. | extended | keyword | |
diff --git a/code/go/ecs/url.go b/code/go/ecs/url.go
index e237804053..5c7f413892 100644
--- a/code/go/ecs/url.go
+++ b/code/go/ecs/url.go
@@ -45,7 +45,7 @@ type Url struct {
Domain string `ecs:"domain"`
// Port of the request, such as 443.
- Port int32 `ecs:"port"`
+ Port int64 `ecs:"port"`
// Path of the request, such as "/search".
Path string `ecs:"path"`
diff --git a/fields.yml b/fields.yml
index ead652527d..917035411c 100644
--- a/fields.yml
+++ b/fields.yml
@@ -1699,7 +1699,7 @@
- name: port
level: extended
- type: integer
+ type: long
description: >
Port of the request, such as 443.
example: 443
diff --git a/generated/csv/fields.csv b/generated/csv/fields.csv
index 61beca9852..bd543b44fb 100644
--- a/generated/csv/fields.csv
+++ b/generated/csv/fields.csv
@@ -247,7 +247,7 @@ url.full,keyword,extended,https://www.elastic.co:443/search?q=elasticsearch#top,
url.original,keyword,extended,https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch,1.1.0-dev
url.password,keyword,extended,,1.1.0-dev
url.path,keyword,extended,,1.1.0-dev
-url.port,integer,extended,443,1.1.0-dev
+url.port,long,extended,443,1.1.0-dev
url.query,keyword,extended,,1.1.0-dev
url.scheme,keyword,extended,https,1.1.0-dev
url.username,keyword,extended,,1.1.0-dev
diff --git a/generated/ecs/fields_flat.yml b/generated/ecs/fields_flat.yml
index 76f4e401f7..d82ee97028 100644
--- a/generated/ecs/fields_flat.yml
+++ b/generated/ecs/fields_flat.yml
@@ -2505,7 +2505,7 @@ url.port:
level: extended
name: port
short: Port of the request, such as 443.
- type: integer
+ type: long
url.query:
description: 'The query field describes the query string of the request, such as
"q=elasticsearch".
diff --git a/generated/ecs/fields_nested.yml b/generated/ecs/fields_nested.yml
index 5306c3413d..ff0c0add8e 100644
--- a/generated/ecs/fields_nested.yml
+++ b/generated/ecs/fields_nested.yml
@@ -1980,7 +1980,7 @@ url:
level: extended
name: port
short: Port of the request, such as 443.
- type: integer
+ type: long
query:
description: 'The query field describes the query string of the request, such
as "q=elasticsearch".
diff --git a/generated/elasticsearch/6/template.json b/generated/elasticsearch/6/template.json
index d072c0501d..68bee03e61 100644
--- a/generated/elasticsearch/6/template.json
+++ b/generated/elasticsearch/6/template.json
@@ -1148,7 +1148,7 @@
"type": "keyword"
},
"port": {
- "type": "integer"
+ "type": "long"
},
"query": {
"ignore_above": 1024,
diff --git a/generated/elasticsearch/7/template.json b/generated/elasticsearch/7/template.json
index 91c4083ca0..6647298cce 100644
--- a/generated/elasticsearch/7/template.json
+++ b/generated/elasticsearch/7/template.json
@@ -1147,7 +1147,7 @@
"type": "keyword"
},
"port": {
- "type": "integer"
+ "type": "long"
},
"query": {
"ignore_above": 1024,
diff --git a/generated/legacy/schema.csv b/generated/legacy/schema.csv
index 5272976113..f29546f51a 100644
--- a/generated/legacy/schema.csv
+++ b/generated/legacy/schema.csv
@@ -162,7 +162,7 @@ url.full,keyword,extended,https://www.elastic.co:443/search?q=elasticsearch#top
url.original,keyword,extended,https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch
url.password,keyword,extended,
url.path,keyword,extended,
-url.port,integer,extended,443
+url.port,long,extended,443
url.query,keyword,extended,
url.scheme,keyword,extended,https
url.username,keyword,extended,
diff --git a/schema.json b/schema.json
index 75005384f6..4540165d1e 100644
--- a/schema.json
+++ b/schema.json
@@ -1856,7 +1856,7 @@
"level": "extended",
"name": "url.port",
"required": false,
- "type": "integer"
+ "type": "long"
},
"url.query": {
"description": "The query field describes the query string of the request, such as \"q=elasticsearch\".\nThe `?` is excluded from the query string. If a URL contains no `?`, there is no query field. If there is a `?` but no query, the query field exists with an empty string. The `exists` query can be used to differentiate between the two cases.",
diff --git a/schemas/url.yml b/schemas/url.yml
index 6b34781a22..2f134a6414 100644
--- a/schemas/url.yml
+++ b/schemas/url.yml
@@ -56,7 +56,7 @@
- name: port
level: extended
- type: integer
+ type: long
description: >
Port of the request, such as 443.
example: 443