custom_subsets/elastic_endpoint/process/linux_event_model_event.yaml (350 lines of code) (raw):

---
# Field subset named "linux_event_model".
#
# Layout: every entry is either a leaf (`key: {}`, no overrides) or a group
# carrying its own nested `fields:` mapping.  Keys mirror the dotted field
# names of the event schema (e.g. `process.entry_leader.entry_meta.source.ip`).
# NOTE(review): the directory name suggests this is consumed by the ECS
# subset tooling, where `fields: "*"` selects every field of a group — verify
# against the tool that loads this file.
name: linux_event_model
fields:
  base:
    fields:
      # Quoted: a plain `@` would be read as a YAML indicator.
      "@timestamp": {}
      "message": {}

  data_stream:
    # Quoted: an unquoted `*` is parsed as an alias reference.
    fields: "*"

  agent:
    fields:
      ephemeral_id: {}
      id: {}
      name: {}
      type: {}
      version: {}

  container:
    fields:
      id: {}
      image:
        fields:
          name: {}
          tag: {}
          hash:
            fields:
              all: {}
      name: {}

  cloud:
    fields:
      account:
        fields:
          id: {}
      instance:
        fields:
          name: {}
      project:
        fields:
          id: {}
      provider: {}
      region: {}

  group:
    fields:
      id: {}
      name: {}

  host:
    fields:
      boot:
        fields:
          id: {}
      pid_ns_ino: {}

  orchestrator:
    fields:
      cluster:
        fields:
          id: {}
          name: {}
      namespace: {}
      resource:
        fields:
          ip: {}
          name: {}
          type: {}
          parent:
            fields:
              type: {}

  process:
    fields:
      args: {}
      args_count: {}
      command_line: {}
      entity_id: {}
      env_vars: {}
      executable: {}
      interactive: {}
      name: {}
      pid: {}
      previous:
        fields:
          args: {}
          args_count: {}
          executable: {}
      start: {}
      tty:
        fields:
          char_device:
            fields:
              major: {}
              minor: {}
          rows: {}
          columns: {}
      io:
        fields:
          text: {}
          total_bytes_captured: {}
          total_bytes_skipped: {}
          max_bytes_per_process_exceeded: {}
      user:
        fields:
          id: {}
          name: {}
      working_directory: {}
      real_user:
        fields:
          id: {}
          name: {}
      saved_user:
        fields:
          id: {}
          name: {}
      real_group:
        fields:
          id: {}
          name: {}
      saved_group:
        fields:
          id: {}
          name: {}
      supplemental_groups:
        fields:
          id: {}
          name: {}

      # Immediate parent of the process.
      parent:
        fields:
          args: {}
          args_count: {}
          command_line: {}
          entity_id: {}
          executable: {}
          group_leader:
            fields:
              entity_id: {}
              pid: {}
              start: {}
          interactive: {}
          name: {}
          pid: {}
          start: {}
          tty:
            fields:
              char_device:
                fields:
                  major: {}
                  minor: {}
          working_directory: {}
          user:
            fields:
              id: {}
              name: {}
          real_user:
            fields:
              id: {}
              name: {}
          saved_user:
            fields:
              id: {}
              name: {}
          group:
            fields:
              id: {}
              name: {}
          real_group:
            fields:
              id: {}
              name: {}
          saved_group:
            fields:
              id: {}
              name: {}
          supplemental_groups:
            fields:
              id: {}
              name: {}

      # Entry leader: carries entry_meta (entry type and source ip) plus the
      # attested_user / attested_groups sub-objects that the other leader
      # groups below do not have.
      entry_leader:
        fields:
          args: {}
          args_count: {}
          command_line: {}
          entity_id: {}
          entry_meta:
            fields:
              type: {}
              source:
                fields:
                  ip: {}
          executable: {}
          interactive: {}
          name: {}
          parent:
            fields:
              entity_id: {}
              pid: {}
              start: {}
              session_leader:
                fields:
                  entity_id: {}
                  pid: {}
                  start: {}
          pid: {}
          same_as_process: {}
          start: {}
          tty:
            fields:
              char_device:
                fields:
                  major: {}
                  minor: {}
          working_directory: {}
          user:
            fields:
              id: {}
              name: {}
          real_user:
            fields:
              id: {}
              name: {}
          saved_user:
            fields:
              id: {}
              name: {}
          group:
            fields:
              id: {}
              name: {}
          real_group:
            fields:
              id: {}
              name: {}
          saved_group:
            fields:
              id: {}
              name: {}
          supplemental_groups:
            fields:
              id: {}
              name: {}
          attested_user:
            fields:
              id: {}
              name: {}
          attested_groups:
            fields:
              name: {}

      session_leader:
        fields:
          args: {}
          args_count: {}
          command_line: {}
          entity_id: {}
          executable: {}
          interactive: {}
          name: {}
          pid: {}
          same_as_process: {}
          start: {}
          tty:
            fields:
              char_device:
                fields:
                  major: {}
                  minor: {}
          working_directory: {}
          parent:
            fields:
              entity_id: {}
              pid: {}
              start: {}
              session_leader:
                fields:
                  entity_id: {}
                  pid: {}
                  start: {}
          user:
            fields:
              id: {}
              name: {}
          real_user:
            fields:
              id: {}
              name: {}
          saved_user:
            fields:
              id: {}
              name: {}
          group:
            fields:
              id: {}
              name: {}
          real_group:
            fields:
              id: {}
              name: {}
          saved_group:
            fields:
              id: {}
              name: {}
          supplemental_groups:
            fields:
              id: {}
              name: {}

      group_leader:
        fields:
          args: {}
          args_count: {}
          command_line: {}
          entity_id: {}
          executable: {}
          interactive: {}
          name: {}
          pid: {}
          same_as_process: {}
          start: {}
          tty:
            fields:
              char_device:
                fields:
                  major: {}
                  minor: {}
          working_directory: {}
          user:
            fields:
              id: {}
              name: {}
          real_user:
            fields:
              id: {}
              name: {}
          saved_user:
            fields:
              id: {}
              name: {}
          group:
            fields:
              id: {}
              name: {}
          real_group:
            fields:
              id: {}
              name: {}
          saved_group:
            fields:
              id: {}
              name: {}
          supplemental_groups:
            fields:
              id: {}
              name: {}

  user:
    fields:
      id: {}
      name: {}