custom_subsets/elastic_endpoint/collection/collection.yaml (28 lines of code) (raw):
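---
# Field subset for the "collection" schema.
# Layout: the top-level `fields` maps a fieldset name to its own `fields`
# entry, which is either "*" (every field of that fieldset) or a map of the
# individual fields to keep. `{}` keeps a field with no extra options.
# NOTE(review): the nesting below was restored from a listing that had lost
# its indentation; written flat, the repeated `fields` keys are duplicates
# and most parsers silently keep only the last one. Confirm against the
# repository copy.
name: collection
fields:
  base:
    fields:
      "@timestamp": {}
  data_stream:
    # Wildcard: takes every data_stream field, including any added later.
    # The other fieldsets list their fields explicitly, which keeps schema
    # changes visible in review.
    fields: "*"
  ecs:
    fields:
      version: {}
  event:
    # NOTE(review): presumably a field missing from this list is left out of
    # the generated schema, so content that queries event.* for this data set
    # depends on these entries. Verify against the subset tooling.
    fields:
      action: {}
      # ECS categorization field, as are kind, outcome and type below.
      category: {}
      # With @timestamp and ingested, lets responders measure the delay
      # between occurrence, emission and ingest.
      created: {}
      code: {}
      dataset: {}
      # ECS describes this as a hash of the raw event, kept for log
      # integrity checks.
      hash: {}
      id: {}
      ingested: {}
      kind: {}
      module: {}
      outcome: {}
      provider: {}
      # Source-supplied ordering, usable when timestamps tie.
      sequence: {}
      severity: {}
      type: {}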