Rename the field to the more terse os.type

elastic · Nov 12, 2020 · 298ece3 · 298ece3
1 parent 32e8489
commit 298ece3
Show file tree

Hide file tree

Showing 14 changed files with 443 additions and 435 deletions.
diff --git a/code/go/ecs/os.go b/code/go/ecs/os.go
diff --git a/docs/field-details.asciidoc b/docs/field-details.asciidoc
@@ -3853,23 +3853,6 @@ The OS fields contain information about the operating system.
 
 // ===============================================================
 
-| os.commercial_family
-| Categorize the operating system in one of the broad commercial families.
-
-One of these following values should be used (lowercase): linux, macos, unix, windows.
-
-If the OS is not part of any of these families, the field should not be populated. Please let us know by opening an issue with ECS, to have it added to the list.
-
-type: keyword
-
-
-
-example: `macos`
-
-| extended
-
-// ===============================================================
-
 | os.family
 | OS family (such as redhat, debian, freebsd, windows).
 
@@ -3947,6 +3930,23 @@ example: `darwin`
 
 // ===============================================================
 
+| os.type
+| Use the `os.type` field to categorize the operating system in one of the broad commercial families.
+
+One of these following values should be used (lowercase): linux, macos, unix, windows.
+
+If the OS is not part of any of this list, the field should not be populated. Please let us know by opening an issue with ECS, to have it added to the list.
+
+type: keyword
+
+
+
+example: `macos`
+
+| extended
+
+// ===============================================================
+
 | os.version
 | Operating system version as a raw string.
 

diff --git a/experimental/generated/beats/fields.ecs.yml b/experimental/generated/beats/fields.ecs.yml
@@ -2131,20 +2131,6 @@
         It can contain what `hostname` returns on Unix systems, the fully qualified
         domain name, or a name specified by the user. The sender decides which value
         to use.'
-    - name: os.commercial_family
-      level: extended
-      type: keyword
-      ignore_above: 1024
-      description: 'Categorize the operating system in one of the broad commercial
-        families.
-
-        One of these following values should be used (lowercase): linux, macos, unix,
-        windows.
-
-        If the OS is not part of any of these families, the field should not be populated.
-        Please let us know by opening an issue with ECS, to have it added to the list.'
-      example: macos
-      default_field: false
     - name: os.family
       level: extended
       type: keyword
@@ -2183,6 +2169,20 @@
       ignore_above: 1024
       description: Operating system platform (such centos, ubuntu, windows).
       example: darwin
+    - name: os.type
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      description: 'Use the `os.type` field to categorize the operating system in
+        one of the broad commercial families.
+
+        One of these following values should be used (lowercase): linux, macos, unix,
+        windows.
+
+        If the OS is not part of any of this list, the field should not be populated.
+        Please let us know by opening an issue with ECS, to have it added to the list.'
+      example: macos
+      default_field: false
     - name: os.version
       level: extended
       type: keyword
@@ -2893,20 +2893,6 @@
 
         If no custom name is needed, the field can be left empty.'
       example: 1_proxySG
-    - name: os.commercial_family
-      level: extended
-      type: keyword
-      ignore_above: 1024
-      description: 'Categorize the operating system in one of the broad commercial
-        families.
-
-        One of these following values should be used (lowercase): linux, macos, unix,
-        windows.
-
-        If the OS is not part of any of these families, the field should not be populated.
-        Please let us know by opening an issue with ECS, to have it added to the list.'
-      example: macos
-      default_field: false
     - name: os.family
       level: extended
       type: keyword
@@ -2945,6 +2931,20 @@
       ignore_above: 1024
       description: Operating system platform (such centos, ubuntu, windows).
       example: darwin
+    - name: os.type
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      description: 'Use the `os.type` field to categorize the operating system in
+        one of the broad commercial families.
+
+        One of these following values should be used (lowercase): linux, macos, unix,
+        windows.
+
+        If the OS is not part of any of this list, the field should not be populated.
+        Please let us know by opening an issue with ECS, to have it added to the list.'
+      example: macos
+      default_field: false
     - name: os.version
       level: extended
       type: keyword
@@ -3012,20 +3012,6 @@
     description: The OS fields contain information about the operating system.
     type: group
     fields:
-    - name: commercial_family
-      level: extended
-      type: keyword
-      ignore_above: 1024
-      description: 'Categorize the operating system in one of the broad commercial
-        families.
-
-        One of these following values should be used (lowercase): linux, macos, unix,
-        windows.
-
-        If the OS is not part of any of these families, the field should not be populated.
-        Please let us know by opening an issue with ECS, to have it added to the list.'
-      example: macos
-      default_field: false
     - name: family
       level: extended
       type: keyword
@@ -3064,6 +3050,20 @@
       ignore_above: 1024
       description: Operating system platform (such centos, ubuntu, windows).
       example: darwin
+    - name: type
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      description: 'Use the `os.type` field to categorize the operating system in
+        one of the broad commercial families.
+
+        One of these following values should be used (lowercase): linux, macos, unix,
+        windows.
+
+        If the OS is not part of any of this list, the field should not be populated.
+        Please let us know by opening an issue with ECS, to have it added to the list.'
+      example: macos
+      default_field: false
     - name: version
       level: extended
       type: keyword
@@ -5708,20 +5708,6 @@
       description: Unparsed user_agent string.
       example: Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15
         (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1
-    - name: os.commercial_family
-      level: extended
-      type: keyword
-      ignore_above: 1024
-      description: 'Categorize the operating system in one of the broad commercial
-        families.
-
-        One of these following values should be used (lowercase): linux, macos, unix,
-        windows.
-
-        If the OS is not part of any of these families, the field should not be populated.
-        Please let us know by opening an issue with ECS, to have it added to the list.'
-      example: macos
-      default_field: false
     - name: os.family
       level: extended
       type: keyword
@@ -5760,6 +5746,20 @@
       ignore_above: 1024
       description: Operating system platform (such centos, ubuntu, windows).
       example: darwin
+    - name: os.type
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      description: 'Use the `os.type` field to categorize the operating system in
+        one of the broad commercial families.
+
+        One of these following values should be used (lowercase): linux, macos, unix,
+        windows.
+
+        If the OS is not part of any of this list, the field should not be populated.
+        Please let us know by opening an issue with ECS, to have it added to the list.'
+      example: macos
+      default_field: false
     - name: os.version
       level: extended
       type: keyword

diff --git a/experimental/generated/csv/fields.csv b/experimental/generated/csv/fields.csv
@@ -243,14 +243,14 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description
 2.0.0-dev,true,host,host.ip,ip,core,array,,Host ip addresses.
 2.0.0-dev,true,host,host.mac,keyword,core,array,,Host mac addresses.
 2.0.0-dev,true,host,host.name,keyword,core,,,Name of the host.
-2.0.0-dev,true,host,host.os.commercial_family,keyword,extended,,macos,"Which commercial OS family (one of: linux, macos, unix or windows)."
 2.0.0-dev,true,host,host.os.family,keyword,extended,,debian,"OS family (such as redhat, debian, freebsd, windows)."
 2.0.0-dev,true,host,host.os.full,wildcard,extended,,Mac OS Mojave,"Operating system name, including the version or code name."
 2.0.0-dev,true,host,host.os.full.text,text,extended,,Mac OS Mojave,"Operating system name, including the version or code name."
 2.0.0-dev,true,host,host.os.kernel,keyword,extended,,4.4.0-112-generic,Operating system kernel version as a raw string.
 2.0.0-dev,true,host,host.os.name,wildcard,extended,,Mac OS X,"Operating system name, without the version."
 2.0.0-dev,true,host,host.os.name.text,text,extended,,Mac OS X,"Operating system name, without the version."
 2.0.0-dev,true,host,host.os.platform,keyword,extended,,darwin,"Operating system platform (such centos, ubuntu, windows)."
+2.0.0-dev,true,host,host.os.type,keyword,extended,,macos,"Which commercial OS family (one of: linux, macos, unix or windows)."
 2.0.0-dev,true,host,host.os.version,keyword,extended,,10.14.1,Operating system version as a raw string.
 2.0.0-dev,true,host,host.type,keyword,core,,,Type of host.
 2.0.0-dev,true,host,host.uptime,long,extended,,1325,Seconds the host has been up.
@@ -335,14 +335,14 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description
 2.0.0-dev,true,observer,observer.ip,ip,core,array,,IP addresses of the observer.
 2.0.0-dev,true,observer,observer.mac,keyword,core,array,,MAC addresses of the observer
 2.0.0-dev,true,observer,observer.name,keyword,extended,,1_proxySG,Custom name of the observer.
-2.0.0-dev,true,observer,observer.os.commercial_family,keyword,extended,,macos,"Which commercial OS family (one of: linux, macos, unix or windows)."
 2.0.0-dev,true,observer,observer.os.family,keyword,extended,,debian,"OS family (such as redhat, debian, freebsd, windows)."
 2.0.0-dev,true,observer,observer.os.full,wildcard,extended,,Mac OS Mojave,"Operating system name, including the version or code name."
 2.0.0-dev,true,observer,observer.os.full.text,text,extended,,Mac OS Mojave,"Operating system name, including the version or code name."
 2.0.0-dev,true,observer,observer.os.kernel,keyword,extended,,4.4.0-112-generic,Operating system kernel version as a raw string.
 2.0.0-dev,true,observer,observer.os.name,wildcard,extended,,Mac OS X,"Operating system name, without the version."
 2.0.0-dev,true,observer,observer.os.name.text,text,extended,,Mac OS X,"Operating system name, without the version."
 2.0.0-dev,true,observer,observer.os.platform,keyword,extended,,darwin,"Operating system platform (such centos, ubuntu, windows)."
+2.0.0-dev,true,observer,observer.os.type,keyword,extended,,macos,"Which commercial OS family (one of: linux, macos, unix or windows)."
 2.0.0-dev,true,observer,observer.os.version,keyword,extended,,10.14.1,Operating system version as a raw string.
 2.0.0-dev,true,observer,observer.product,keyword,extended,,s200,The product name of the observer.
 2.0.0-dev,true,observer,observer.serial_number,keyword,extended,,,Observer serial number.
@@ -697,14 +697,14 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description
 2.0.0-dev,true,user_agent,user_agent.name,keyword,extended,,Safari,Name of the user agent.
 2.0.0-dev,true,user_agent,user_agent.original,wildcard,extended,,"Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1",Unparsed user_agent string.
 2.0.0-dev,true,user_agent,user_agent.original.text,text,extended,,"Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1",Unparsed user_agent string.
-2.0.0-dev,true,user_agent,user_agent.os.commercial_family,keyword,extended,,macos,"Which commercial OS family (one of: linux, macos, unix or windows)."
 2.0.0-dev,true,user_agent,user_agent.os.family,keyword,extended,,debian,"OS family (such as redhat, debian, freebsd, windows)."
 2.0.0-dev,true,user_agent,user_agent.os.full,wildcard,extended,,Mac OS Mojave,"Operating system name, including the version or code name."
 2.0.0-dev,true,user_agent,user_agent.os.full.text,text,extended,,Mac OS Mojave,"Operating system name, including the version or code name."
 2.0.0-dev,true,user_agent,user_agent.os.kernel,keyword,extended,,4.4.0-112-generic,Operating system kernel version as a raw string.
 2.0.0-dev,true,user_agent,user_agent.os.name,wildcard,extended,,Mac OS X,"Operating system name, without the version."
 2.0.0-dev,true,user_agent,user_agent.os.name.text,text,extended,,Mac OS X,"Operating system name, without the version."
 2.0.0-dev,true,user_agent,user_agent.os.platform,keyword,extended,,darwin,"Operating system platform (such centos, ubuntu, windows)."
+2.0.0-dev,true,user_agent,user_agent.os.type,keyword,extended,,macos,"Which commercial OS family (one of: linux, macos, unix or windows)."
 2.0.0-dev,true,user_agent,user_agent.os.version,keyword,extended,,10.14.1,Operating system version as a raw string.
 2.0.0-dev,true,user_agent,user_agent.version,keyword,extended,,12.0,Version of the user agent.
 2.0.0-dev,true,vulnerability,vulnerability.category,keyword,extended,array,"[""Firewall""]",Category of a vulnerability.