--- name: process fields: base: fields: "@timestamp": {} labels: {} message: {} host: fields: os: fields: platform: {} name: {} version: {} ip: {} hostname: {} name: {} event: fields: id: {} module: {} dataset: {} action: {} kind: {} category: {} type: {} agent: fields: version: {} type: {} id: {} user: fields: group: fields: id: {} name: {} id: {} name: {} process: fields: pid: {} ppid: {} name: {} executable: {} args: {} thread: fields: id: {} hash: fields: md5: {} sha1: {} sha256: {} endgame: fields: serial_event_id: {} opcode: {} event_type_full: {} event_subtype_full: {} timestamp: {} timestamp_utc: {} event_message: {} unknown_properties: {} pid: {} process_path: {} process_name: {} unique_pid: {} user_name: {} user_domain: {} user_sid: {} tid: {} real_user_name: {} effective_user_name: {} real_group_name: {} effective_group_name: {} real_uid: {} effective_uid: {} real_gid: {} effective_gid: {} ppid: {} exit_code: {} command_line: {} parent_process_name: {} parent_process_path: {} md5: {} sha1: {} sha256: {} unique_ppid: {} authentication_id: {} package_name: {} signature_signer: {} signature_status: {} original_file_name: {} integrity_level: {} elevated: {} elevation_type: {} true_ppid: {} unique_true_ppid: {} session_id: {} exit_code_full: {}