.. _data-fields:

Data Fields
===========

This page references the various types of data fields utilized by the Elastic Stack in Security Onion.

ECS
---

We try to align with Elastic Common Schema (ECS) where possible.

.. note::

    For more information about ECS, please see https://www.elastic.co/guide/en/ecs/current/ecs-reference.html

Fields
------

| :ref:`alert-data-fields`
| :ref:`elastalert-fields`
| :ref:`zeek-fields`

Template files
--------------

Fields are mapped to their proper type using template files found in ``/opt/so/conf/elasticsearch/templates/``.