User Fields


The user fields describe information about the user that is relevant to the event.

Fields can have one entry or multiple entries. If a user has more than one id, provide an array that includes all of them.

User Field Details

Field Description Level

user.domain

Name of the directory the user is a member of.

For example, an LDAP or Active Directory domain name.

type: keyword

extended

user.email

User email address.

type: keyword

extended

user.full_name

User’s full name, if available.

type: keyword

Multi-fields:

* user.full_name.text (type: text)

example: Albert Einstein

extended

user.hash

Unique user hash to correlate information for a user in anonymized form.

Useful if user.id or user.name contain confidential information and cannot be used.

type: keyword

extended

user.id

Unique identifiers of the user.

type: keyword

core

user.name

Short name or login of the user.

type: keyword

Multi-fields:

* user.name.text (type: text)

example: albert

core

Field Reuse


The user fields are expected to be nested at: client.user, destination.user, host.user, server.user, source.user.

Note also that the user fields may be used directly at the top level.
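As an added illustration (not part of the original reference), the following sketch maps a raw account record to the user fields, emits user.id as an array when there are several ids, and places the result at the top level or under one of the reuse locations listed above. The input record layout, the sample values and the key are constructed, and HMAC-SHA256 for user.hash is an assumption: the page does not prescribe how the hash is computed.

```python
import hashlib
import hmac

# Hypothetical pseudonymization key; in practice load it from a secret store.
PSEUDONYM_KEY = b"constructed-demo-key"

# Constructed sample record, as an identity provider might emit it.
SAMPLE_LOGIN = {
    "login": "albert",
    "display_name": "Albert Einstein",
    "mail": "albert@example.com",
    "directory": "EXAMPLE",
    "ids": ["1001", "S-1-5-21-1111-2222-3333-1001"],
}


def user_hash(domain, name, key=PSEUDONYM_KEY):
    """Keyed hash so the same account correlates without exposing its name."""
    msg = f"{domain.lower()}\\{name.lower()}".encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def ecs_user(record, anonymize=False):
    """Map a raw account record to the ECS user field set."""
    ids = record.get("ids") or []
    user = {"domain": record["directory"],
            "hash": user_hash(record["directory"], record["login"])}
    if anonymize:
        # Confidential identifiers are dropped; user.hash remains for correlation.
        return user
    user["name"] = record["login"]
    user["full_name"] = record["display_name"]
    user["email"] = record["mail"]
    if ids:
        # One id is stored as a scalar, several as an array.
        user["id"] = ids[0] if len(ids) == 1 else list(ids)
    return user


def login_event(record, anonymize=False, nest_under="source"):
    """Place the user fields at the top level or under a reuse location."""
    allowed = {"client", "destination", "host", "server", "source", None}
    if nest_under not in allowed:
        raise ValueError(f"user fields are not expected under {nest_under!r}")
    user = ecs_user(record, anonymize)
    return {"user": user} if nest_under is None else {nest_under: {"user": user}}
```

A keyed hash is used rather than a plain digest because short login names are easy to recover from an unkeyed hash by guessing.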

Field sets that can be nested under User

Nested fields Description

user.group.*

User’s group relevant to the event.
