Migration of apache2 error fileset to ECS (elastic#8963)

* Migration of apache2 error fileset to ECS Fields migrated: * apache.error.level -> log.level * apache.error.message -> message * apache.error.pid -> process.pid * apache.error.tid -> process.tid * apache.error.client -> source.ip Other changes * Changelog updated * Migration file updated * Field alias added for the old fields * Test outputs updated * Fix source.ip to be IP only. Before had a HOSTORIP pattern. Note: The ECS fields used were on purpose only put on the module level and are put into filebeat or libbeat when they are used in more then 1 place.
DStape · Dec 18, 2018 · 9b5db5c · 9b5db5c
1 parent b7a0d79
commit 9b5db5c
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 1 deletion.
diff --git a/docs/fields.asciidoc b/docs/fields.asciidoc
@@ -2974,6 +2974,17 @@ Source fields describe details about the source of a packet/event. Source fields
 
 
 
+*`source.address`*::
++
+--
+type: keyword
+
+Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket.  You should always store the raw address in the `.address` field.
+Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.
+
+
+--
+
 *`source.ip`*::
 +
 --