--- name: network fields: base: fields: "@timestamp": {} labels: {} message: {} host: fields: os: fields: platform: {} name: {} version: {} ip: {} hostname: {} name: {} event: fields: id: {} module: {} dataset: {} action: {} kind: {} category: {} type: {} agent: fields: version: {} type: {} id: {} network: fields: transport: {} protocol: {} community_id: {} bytes: {} packets: {} source: fields: address: {} ip: {} port: {} bytes: {} packets: {} destination: fields: address: {} ip: {} port: {} bytes: {} packets: {} endgame: fields: serial_event_id: {} opcode: {} event_type_full: {} event_subtype_full: {} timestamp: {} timestamp_utc: {} event_message: {} unknown_properties: {} pid: {} process_path: {} process_name: {} unique_pid: {} user_name: {} user_domain: {} user_sid: {} tid: {} real_user_name: {} effective_user_name: {} real_group_name: {} effective_group_name: {} real_uid: {} effective_uid: {} real_gid: {} effective_gid: {} # end of generic stuff protocol: {} connection_id: {} destination_address: {} destination_port: {} source_port: {} source_address: {} out_bytes: {} in_bytes: {} sequence_number: {} partial_flow: {} total_in_bytes: {} total_out_bytes: {} in_packet_count: {} out_packet_count: {} in_bytes_mean: {} out_bytes_mean: {} in_bytes_standard_deviation: {} out_bytes_standard_deviation: {} in_interval_mean: {} out_interval_mean: {} in_interval_standard_deviation: {} out_interval_standard_deviation: {} event_id: {} task: {} size: {} http_request: {}