Data Fields

weslambert edited this page Feb 20, 2018 · 3 revisions

Introduction

This page references the various types of data fields utilized by Security Onion on the Elastic Stack.

The various field types are described below.

Fields

Alert Data
Bro
Elastalert

Template files

Fields are mapped to their proper type using template files, found in /etc/logstash/. The current template files include:

logstash-template.json - mapping information for logs going into logstash-* indices.
beats-template.json - mapping information for logs going into logstash-beats-* indices.
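An added example (not part of this wiki page or of Security Onion's own code) showing how Elasticsearch decides which of these templates applies to a given index and what happens when more than one matches. The two templates below are constructed stand-ins, not the real contents of /etc/logstash/logstash-template.json or beats-template.json; the field names source_ip, event_type, message and beat.hostname, the doc type name "doc" and the "order" values are assumptions chosen to make the point. Legacy templates may declare their pattern either as "index_patterns" (Elasticsearch 6.x) or as the older "template" key, so both are accepted.

```python
import json
import re

# Constructed legacy index templates (NOT Security Onion's real files).
# An index named logstash-beats-2018.02.20 matches both "logstash-*" and
# "logstash-beats-*", so Elasticsearch applies both templates and merges them,
# with the higher "order" overriding the lower one on conflicting fields.
LOGSTASH_TEMPLATE = json.dumps({
    "index_patterns": ["logstash-*"],          # 6.x syntax
    "order": 0,
    "mappings": {"doc": {"properties": {
        "source_ip":  {"type": "ip"},
        "event_type": {"type": "keyword"},
        "message":    {"type": "text"},
    }}},
})

BEATS_TEMPLATE = json.dumps({
    "template": "logstash-beats-*",            # legacy pre-6.0 syntax
    "order": 1,
    "mappings": {"doc": {"properties": {
        "beat.hostname": {"type": "keyword"},
        "message":       {"type": "keyword"},  # deliberately conflicts with the template above
    }}},
})


def pattern_to_regex(pattern):
    """Translate an index pattern, where only '*' is a wildcard, into an anchored regex."""
    return re.compile("^" + ".*".join(re.escape(part) for part in pattern.split("*")) + "$")


def template_patterns(template):
    """Return the template's index patterns, accepting 'index_patterns' or the legacy 'template' key."""
    if "index_patterns" in template:
        return list(template["index_patterns"])
    return [template["template"]]


def matching_templates(index_name, templates):
    """Templates whose patterns match index_name, lowest 'order' first (the order ES applies them in)."""
    hits = [t for t in templates
            if any(pattern_to_regex(p).match(index_name) for p in template_patterns(t))]
    return sorted(hits, key=lambda t: t.get("order", 0))


def effective_field_types(index_name, templates):
    """Field name -> mapped type after merging every matching template; higher 'order' wins."""
    types = {}
    for template in matching_templates(index_name, templates):
        for doc_type in template.get("mappings", {}).values():
            for field, props in doc_type.get("properties", {}).items():
                types[field] = props["type"]
    return types


TEMPLATES = [json.loads(LOGSTASH_TEMPLATE), json.loads(BEATS_TEMPLATE)]

if __name__ == "__main__":
    # Constructed index names in the daily-index naming style used by Logstash.
    for name in ("logstash-bro-2018.02.20", "logstash-beats-2018.02.20", "elastalert_status"):
        applied = [template_patterns(t)[0] for t in matching_templates(name, TEMPLATES)]
        print(name, "->", applied, effective_field_types(name, TEMPLATES))
```

The practical check this supports: when a field comes back with an unexpected type in Kibana (a string where an ip or keyword was intended), confirm which templates the index name actually matches and which one has the higher order, because a field declared in both files takes the type from the higher-order template only for indices that match both patterns.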
