New

The executive guide to generative AI

Read more

Volume Fields

edit

Fields related to storage volume details.

These fields are beta and are subject to change.

Volume Field Details

edit
Field Description Level

volume.bus_type

Bus type of the device, such as Nvme, Usb, or FileBackedVirtual.

type: keyword

example: FileBackedVirtual

extended

volume.default_access

Describes the default access(es) of the volume.

type: keyword

extended

volume.device_name

Full path of the volume device.

Only populate this field for POSIX system volumes.

type: keyword

extended

volume.device_type

Volume device type.

The most frequently seen volume device types are Disk File System and CD-ROM File System.

type: keyword

example: CD-ROM File System

extended

volume.dos_name

The MS-DOS name of a device.

DOS device name is in the format of driver letters, such as C:. The field is relevant to Windows systems only.

type: keyword

example: E:

extended

volume.file_system_type

Volume device file system type.

The most common volume file system types are NTFS and UDF.

type: keyword

extended

volume.mount_name

Mount name of the volume device.

Only populate this field for POSIX system volumes.

type: keyword

extended

volume.nt_name

The NT device name.

NT device name uses a format of \Device\HarddiskVolume2. The field is relevant to Windows systems only.

type: keyword

example: \Device\Cdrom1

extended

volume.product_id

ProductID of the device.

The vendor provides the ProductID for the volume, if any.

type: keyword

extended

volume.product_name

Product name of the volume.

The volume device vendor provides this value.

type: keyword

example: Virtual DVD-ROM

extended

volume.removable

Indicates if the volume is removable.

type: boolean

extended

volume.serial_number

Serial number identifier for the volume device.

The serial number is provided by the vendor of the device, if any.

type: keyword

extended

volume.size

Size of the volume device in bytes.

type: long

extended

volume.vendor_id

VendorID of the volume device.

The volume device vendor provides this value.

type: keyword

extended

volume.vendor_name

Vendor name of the volume device.

The value is provided by the vendor of the device.

type: keyword

example: Msft

extended

volume.writable

Indicates if the volume is writable.

type: boolean

extended

Was this helpful?
Feedback