Clarify network definition #197
Conversation
README.md
Outdated
| @@ -278,7 +278,7 @@ Fields which are specific to log events. | |||
|
|
|||
| ## <a name="network"></a> Network fields | |||
|
|
|||
| Fields related to network data. | |||
| The network is defined as the communication path over which a host or network event happens. Network events do not include the transmission of an event from a host or device to the Elastic Stack. The network.* fields should be populated with details about the network activity associated with an event. | |||
There was a problem hiding this comment.
Do we need to specify the to Elastic Stack part? It could be that someone monitors exactly that with a tool and then these events would be part of it.
There was a problem hiding this comment.
Thanks @ruflin good question.
This sentence was added to clarify some early scoping questions I received about whether details about the networking gear that was simply transporting the event to the log collection entity were to be included in ECS. They are not expected to be included.
Your point about networking gear in general (as ECS devices) is accurate, and this sentence is not attempting to comment about them. I'll try to clarify, give an example, or just remove.
There was a problem hiding this comment.
Decided to remove the offending sentence :-)
There was a problem hiding this comment.
Perhaps another way of phrasing it could simply have been that this is not about the pipeline, but about the activity being observed or monitored.
If you're fine without that clarification, we can go with that as well.
MikePaquette
force-pushed
the
network-mods
branch
from
07af2da
to
a4a8d0b
Compare
* Clarify network definition * Updated CHANGELOG.md * remove sentence about path exclusion
Added detail about network fields, specifically that these fields can be populated for both network and host-based events.