IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Group Fields
The group fields are meant to represent groups that are relevant to the event.
Group Field Details
Field | Description | Level |
---|---|---|
group.domain | Name of the directory the group is a member of. For example, an LDAP or Active Directory domain name. type: keyword | extended |
group.id | Unique identifier for the group on the system/platform. type: keyword | extended |
group.name | Name of the group. type: keyword | extended |
Field Reuse
The group fields are expected to be nested at: user.group.
Note also that the group fields may be used directly at the top level.