Elastic Stack Field Listing: wl_*
The following is a complete list of all Data Set Fields aggregated into the "wl_*" top level indices aggregation.
name | type |
_id | string |
_index | string |
_score | number |
_source | _source |
_type | string |
@timestamp | date |
area_code | string |
area_code.keyword | string |
attacker_server | string |
attacker_server.keyword | string |
attribution | string |
attribution.keyword | string |
beat.hostname | string |
beat.hostname.keyword | string |
beat.name | string |
beat.name.keyword | string |
city | string |
city.keyword | string |
comment | string |
comment.keyword | string |
confidence | number |
context | string |
context.keyword | string |
count_rec | number |
country | string |
country.keyword | string |
cs_asn | string |
cs_asn.keyword | string |
cs_bytes | string |
cs_bytes.keyword | string |
cs_cookie | string |
cs_cookie.keyword | string |
cs_host | string |
cs_host.keyword | string |
cs_method | string |
cs_method.keyword | string |
cs_referrer | string |
cs_referrer.keyword | string |
cs_ua | string |
cs_ua.keyword | string |
cs_uri_query | string |
cs_uri_query.keyword | string |
cs_uri_stem | string |
cs_uri_stem.keyword | string |
cs_username | string |
cs_username.keyword | string |
cs_version | string |
cs_version.keyword | string |
cs_whois | string |
cs_whois.keyword | string |
cve_id | string |
cve_id.keyword | string |
description | string |
description.keyword | string |
detection | number |
detection_name | string |
detection_name.keyword | string |
detection_shortname | string |
detection_shortname.keyword | string |
detections | string |
detections.keyword | string |
domain_cat | string |
domain_cat.keyword | string |
email_type | string |
email_type.keyword | string |
etl_date | date |
file | string |
file.keyword | string |
first_seen | date |
indicator | string |
indicator_context | string |
indicator_context.keyword | string |
indicator_type | string |
indicator_type.keyword | string |
indicator.keyword | string |
label | string |
label.keyword | string |
last_seen | date |
location | conflict |
location.keyword | string |
negative_sentiment | number |
neutral_sentiment | number |
password_redact | string |
password_redact.keyword | string |
positive_sentiment | number |
postal_code | string |
postal_code.keyword | string |
process_type | string |
process_type.keyword | string |
raw_data_file | string |
raw_data_file.keyword | string |
raw_datafile | string |
raw_datafile.keyword | string |
rdata | string |
rdata.keyword | string |
recipients | string |
recipients.keyword | string |
reference | string |
reference_domain | string |
reference_domain.keyword | string |
reference_title | string |
reference_title.keyword | string |
reference.keyword | string |
region | string |
region.keyword | string |
root_node | string |
root_node.keyword | string |
rrname | string |
rrname.keyword | string |
s_ip | string |
s_ip.keyword | string |
s_port | string |
s_port.keyword | string |
sc_bytes | string |
sc_bytes.keyword | string |
sc_status | string |
sc_status.keyword | string |
sc_substatus | string |
sc_substatus.keyword | string |
sc_win32_status | string |
sc_win32_status.keyword | string |
search_entity | string |
search_entity.keyword | string |
search_term | string |
search_term.keyword | string |
sender | string |
sender.keyword | string |
source | string |
source.keyword | string |
subject_line | string |
subject_line.keyword | string |
tag | string |
tag.keyword | string |
targets | string |
targets.keyword | string |
type | string |
type.keyword | string |
url_cat | string |
url_cat.keyword | string |
username | string |
username.keyword | string |
vendor | string |
vendor.keyword | string |
victim_src_ip | string |
victim_src_ip.keyword | string |
victim_whois | string |
victim_whois.keyword | string |
Last updated