Data Fields

This page describes the data fields used by the Elastic Stack in Security Onion.

ECS

We try to align with Elastic Common Schema (ECS) where possible.

Note

For more information about ECS, please see https://www.elastic.co/guide/en/ecs/current/ecs-reference.html

Fields

Template files

Fields are mapped to their proper type (for example keyword, ip, or date) using template files found in /opt/so/conf/elasticsearch/templates/. Without a mapping, Elasticsearch guesses a type dynamically, which can leave an IP field indexed as a string, so searches and range queries behave differently than ECS expects.
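The following is an added example, not Security Onion's own code or a copy of any file in /opt/so/conf/elasticsearch/templates/. It shows what a template mapping does in practice: a constructed index template fragment maps a handful of ECS fields to Elasticsearch types, and a small checker flattens a document the way Elasticsearch sees it and reports fields that would be rejected (the template here sets "dynamic": "strict", an assumption for illustration) or whose values do not fit the mapped type. The coercion rules are an approximation of Elasticsearch defaults, not the real engine.

```python
"""Check constructed ECS-style documents against an Elasticsearch index
template mapping. Added example; template and documents are constructed."""
import ipaddress
import json
from datetime import datetime

# Constructed template fragment (assumption: not a Security Onion file).
TEMPLATE_JSON = """
{
  "index_patterns": ["so-example-*"],
  "template": {
    "mappings": {
      "dynamic": "strict",
      "properties": {
        "@timestamp": {"type": "date"},
        "event": {"properties": {"category": {"type": "keyword"},
                                 "dataset":  {"type": "keyword"}}},
        "source":      {"properties": {"ip": {"type": "ip"}, "port": {"type": "long"}}},
        "destination": {"properties": {"ip": {"type": "ip"}, "port": {"type": "long"}}},
        "message": {"type": "text"}
      }
    }
  }
}
"""
TEMPLATE = json.loads(TEMPLATE_JSON)

# Constructed sample documents: one well-formed, one with typical mistakes.
GOOD_DOC = {"@timestamp": "2024-05-01T12:00:00Z",
            "event": {"category": "network", "dataset": "zeek.conn"},
            "source": {"ip": "10.0.0.5", "port": 51234},
            "destination": {"ip": "203.0.113.7", "port": 443},
            "message": "conn"}
BAD_DOC = {"@timestamp": "2024-05-01T12:00:00Z",
           "source": {"ip": "not-an-ip", "port": "51234"},   # bad ip; numeric string coerces
           "destination": {"ip": "2001:db8::1"},            # IPv6 is fine for type ip
           "host": {"name": "sensor1"}}                     # not in template


def flatten_mappings(properties, prefix=""):
    """Turn nested 'properties' into {'source.ip': 'ip', ...}."""
    out = {}
    for name, spec in properties.items():
        path = prefix + name
        if "properties" in spec:
            out.update(flatten_mappings(spec["properties"], path + "."))
        else:
            out[path] = spec.get("type", "object")
    return out


def flatten_doc(doc, prefix=""):
    """Flatten a nested JSON document into dotted field paths."""
    out = {}
    for key, value in doc.items():
        path = prefix + key
        if isinstance(value, dict):
            out.update(flatten_doc(value, path + "."))
        else:
            out[path] = value
    return out


def value_fits(es_type, value):
    """Approximate Elasticsearch acceptance rules for a few common types."""
    if es_type == "ip":
        try:
            ipaddress.ip_address(value)
            return True
        except ValueError:
            return False
    if es_type == "long":
        # Default coerce=true accepts numeric strings such as "443".
        if isinstance(value, bool):
            return False
        return isinstance(value, int) or (isinstance(value, str) and value.isdigit())
    if es_type == "date":
        try:
            datetime.fromisoformat(str(value).replace("Z", "+00:00"))
            return True
        except ValueError:
            return False
    if es_type in ("keyword", "text"):
        return isinstance(value, str)
    return True


def check_document(template, doc):
    """Return problems: fields missing from the template or values of the wrong type."""
    mappings = template["template"]["mappings"]
    types = flatten_mappings(mappings["properties"])
    strict = mappings.get("dynamic") == "strict"
    problems = []
    for path, value in flatten_doc(doc).items():
        if path not in types:
            if strict:
                problems.append(f"{path}: rejected, not in template (dynamic: strict)")
            else:
                problems.append(f"{path}: unmapped, would be dynamically mapped")
        elif not value_fits(types[path], value):
            problems.append(f"{path}: {value!r} does not fit type {types[path]}")
    return problems


if __name__ == "__main__":
    for name, doc in (("GOOD_DOC", GOOD_DOC), ("BAD_DOC", BAD_DOC)):
        print(name, check_document(TEMPLATE, doc) or "ok")
```

Running it reports nothing for GOOD_DOC and two problems for BAD_DOC: source.ip is not a valid address for an ip-typed field, and host.name is absent from the template. Dropping "dynamic": "strict" from the template turns the second finding into a warning that the field would be dynamically mapped, which is the situation a template file exists to prevent.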