This page references the various types of data fields utilized by the Elastic Stack in Security Onion.
We try to align with Elastic Common Schema (ECS) where possible.
Note: For more information about ECS, please see https://www.elastic.co/guide/en/ecs/current/ecs-reference.html
Fields are mapped to their proper type using template files found in /opt/so/conf/elasticsearch/templates/.
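To check how a given field is mapped, the following added example (not part of Security Onion's own code) flattens a template's mappings into dotted field names and their types. It assumes the template files are JSON in Elasticsearch's template layout; the sample template and the function names are constructed for illustration.

```python
import json

# Constructed sample in Elasticsearch template layout (not a real Security Onion file).
SAMPLE_TEMPLATE = """{
  "template": {"mappings": {"properties": {
    "@timestamp": {"type": "date"},
    "source": {"properties": {"ip": {"type": "ip"}, "port": {"type": "long"}}},
    "message": {"type": "text",
                "fields": {"keyword": {"type": "keyword", "ignore_above": 1024}}}
  }}}
}"""


def find_mappings(template):
    """Return the mappings object from a composable or legacy template."""
    body = template.get("template")
    if not isinstance(body, dict):
        # Legacy layout: mappings sit at the top level ("template" may be a pattern string).
        body = template
    return body.get("mappings", {})


def flatten_properties(properties, prefix=""):
    """Yield (dotted_field_name, type) for each mapped field and multi-field."""
    for name, spec in sorted(properties.items()):
        path = prefix + name
        if "properties" in spec:
            # Object container: report it only if it declares a type (e.g. nested).
            if "type" in spec:
                yield path, spec["type"]
            yield from flatten_properties(spec["properties"], path + ".")
        else:
            yield path, spec.get("type", "object")
        # Multi-fields such as message.keyword are indexed under their own type.
        for sub, subspec in sorted(spec.get("fields", {}).items()):
            yield f"{path}.{sub}", subspec.get("type")


def field_types(template_text):
    """Map every field in a template's JSON text to its Elasticsearch type."""
    mappings = find_mappings(json.loads(template_text))
    return dict(flatten_properties(mappings.get("properties", {})))


if __name__ == "__main__":
    for field, ftype in field_types(SAMPLE_TEMPLATE).items():
        print(f"{field:20} {ftype}")
```

To inspect a real template, pass the text of a file from the templates directory to `field_types` in place of the sample.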