Skip to content

Commit

Permalink
Adds a script that generates a JSON representation of the ECS schema (e…
Browse files Browse the repository at this point in the history 
…lastic#261)

The document has the following format:

* The root-level keys are ECS namespace `name`s
* Every root-level value is an object containing the properties of a namespace
* Every namespace object contains a `fields` object, where each key is the `name` of the field, and the value is an object containing the properties of the field
  * In there, the field names are written in full and flattened (e.g. `agent.id`, not merely `id`)

A sample root-level object for the `agent` namespace:

```
{
    "description": "The agent fields contain the data about the software entity, if any, that collects, detects, or observes events on a host, or takes measurements on a host. Examples include Beats. Agents may also run on observers. ECS agent.* fields shall be populated with details of the agent running on the host or observer where the event happened or the measurement was taken.\n",
    "fields": {
      "agent.ephemeral_id": {
        "description": "Ephemeral identifier of this agent (if one exists).\nThis id normally changes across restarts, but `agent.id` does not.",
        "example": "8a4f500f",
        "footnote": "",
        "group": 2,
        "level": "extended",
        "name": "agent.ephemeral_id",
        "required": false,
        "type": "keyword"
      },
      "agent.id": {
        "description": "Unique identifier of this agent (if one exists).\nExample: For Beats this would be beat.id.",
        "example": "8a4f500d",
        "footnote": "",
        "group": 2,
        "level": "core",
        "name": "agent.id",
        "required": false,
        "type": "keyword"
      },
      "agent.name": {
        "description": "Name of the agent.\nThis is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from.\nIf no name is given, the name is often left empty.",
        "example": "foo",
        "footnote": "",
        "group": 2,
        "level": "core",
        "name": "agent.name",
        "required": false,
        "type": "keyword"
      },
      "agent.type": {
        "description": "Type of the agent.\nThe agent type stays always the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine.",
        "example": "filebeat",
        "footnote": "",
        "group": 2,
        "level": "core",
        "name": "agent.type",
        "required": false,
        "type": "keyword"
      },
      "agent.version": {
        "description": "Version of the agent.",
        "example": "6.0.0-rc2",
        "footnote": "",
        "group": 2,
        "level": "core",
        "name": "agent.version",
        "required": false,
        "type": "keyword"
      }
    },
    "group": 2,
    "name": "agent",
    "title": "Agent",
    "type": "group"
  }
```
  • Loading branch information
@andrew-goldstein @webmat
andrew-goldstein authored and webmat committed Jan 4, 2019
1 parent 1863bf4 commit 41bac2c
Show file tree
Hide file tree
Showing 3 changed files with 2,066 additions and 1 deletion.
2 changes: 1 addition & 1 deletion Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ check-license-headers:
# Clean deletes all temporary and generated content.
.PHONY: clean
clean:
rm -rf schema.csv schema.md fields.yml build
rm -rf schema.csv schema.md schema.json fields.yml build
# Clean all markdown files for use-cases
find ./use-cases -type f -name '*.md' -not -name 'README.md' -print0 | xargs -0 rm --

Expand Down
Loading

0 comments on commit 41bac2c

Please sign in to comment.