- Stage: 0 (strawperson)
- Date: 2020-09-08
Many sources populating event host.* fields have different behaviors in how the host values are set. This can cause confusion, complexity, and frustration for users expecting to easily identify unique hosts in their environments. This RFC proposes establishing a common convention to ensure more consistent mapping of these host identifier fields.
At the time of writing, the following are several known challenges caused by these inconsistencies:
- Confusion between the
host.nameandhost.hostnamefields - Unicity problems in raw hostnames. This can be common with workstations on certain OSes, for example a fleet of "MacBook-Pro.local"
- Unicity problems in host.ids (e.g. misconfigured config management tools, machine images, disk snapshots, etc.)
- Usage of unqualified vs. fully-qualified hostnames in the same fields (by different data sources) leads to host duplication
The following are the people that consulted on the contents of this RFC.
- @ebeahan | author
- @webmat | co-author
- Stage 0: #955