custom_subsets/legacy/registry.yaml (66 lines of code) (raw):

---
name: registry
fields:
  base:
    fields:
      "@timestamp": {}
      labels: {}
      message: {}
  host:
    fields:
      os:
        fields:
          platform: {}
          name: {}
          version: {}
      ip: {}
      hostname: {}
      name: {}
  event:
    fields:
      id: {}
      module: {}
      dataset: {}
      action: {}
      kind: {}
      category: {}
      type: {}
  agent:
    fields:
      version: {}
      type: {}
      id: {}
  endgame:
    fields:
      serial_event_id: {}
      opcode: {}
      event_type_full: {}
      event_subtype_full: {}
      timestamp: {}
      timestamp_utc: {}
      event_message: {}
      unknown_properties: {}
      pid: {}
      process_path: {}
      process_name: {}
      unique_pid: {}
      user_name: {}
      user_domain: {}
      user_sid: {}
      tid: {}
      real_user_name: {}
      effective_user_name: {}
      real_group_name: {}
      effective_group_name: {}
      real_uid: {}
      effective_uid: {}
      real_gid: {}
      effective_gid: {}
      # end of generic stuff
      key_path: {}
      key_type: {}
      bytes_written_count: {}
      bytes_written: {}
      bytes_written_u32: {}
      bytes_written_u64: {}
      bytes_written_string: {}
      bytes_written_string_list: {}