Host

Top Level Fieldset: False

The host fields define details about the machine, node, or container on which the event occurred.

Fields from host can only be found at the following locations:

  • source.host
  • destination.host

Host Fields

host.hostname

Required Field: False
Type: STRING
Example: jdoes-mac
Detection Supported Field: True

Hostname of the host.


host.id

Required Field: False
Type: STRING
Example: dfg422
Detection Supported Field: True

Unique ID of the host.


host.mac

Required Field: False
Type: STRING
Example: 32-4B-4D-ED-60-FC
Detection Supported Field: True

MAC address of the host.


host.name

Required Field: False
Type: STRING
Example: jdoes-mac
Detection Supported Field: True

Name of the host. This value can be the hostname, FQDN, or user-defined name.


host.type

Required Field: False
Type: STRING
Example: workstation
Detection Supported Field: True

Type of host.
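
The following added example (not part of the original reference or the schema's own tooling) checks a parsed event against the rules above: host may appear only at source.host and destination.host, only the five listed fields are recognised, and each value must be a STRING. It assumes events are nested JSON objects; the function name check_host_fields and the sample event are constructed for illustration.

```python
import json

# Field names taken from the host fieldset reference above (all of type STRING).
HOST_FIELDS = {"hostname", "id", "mac", "name", "type"}
# The only parent paths under which a host object may appear.
ALLOWED_PARENTS = {("source",), ("destination",)}


def check_host_fields(event):
    """Return a sorted list of problems found in one parsed event (a dict)."""
    problems = []

    def walk(node, path):
        if not isinstance(node, dict):
            return
        for key, value in node.items():
            here = path + (key,)
            if key != "host":
                walk(value, here)
                continue
            dotted = ".".join(here)
            if path not in ALLOWED_PARENTS:
                problems.append(f"{dotted}: host is not allowed at this location")
            elif not isinstance(value, dict):
                problems.append(f"{dotted}: expected an object")
            else:
                for field, v in value.items():
                    if field not in HOST_FIELDS:
                        problems.append(f"{dotted}.{field}: unknown host field")
                    elif not isinstance(v, str):
                        kind = type(v).__name__
                        problems.append(f"{dotted}.{field}: expected STRING, got {kind}")

    walk(event, ())
    return sorted(problems)


# Constructed sample event; values reuse the examples from the reference.
SAMPLE = json.loads("""
{
  "source": {"host": {"hostname": "jdoes-mac", "id": "dfg422",
                      "mac": "32-4B-4D-ED-60-FC", "type": "workstation"}},
  "destination": {"host": {"name": "jdoes-mac", "id": 4422, "os": "macOS"}},
  "host": {"hostname": "jdoes-mac"}
}
""")

if __name__ == "__main__":
    for line in check_host_fields(SAMPLE):
        print(line)
```

Running a check like this at ingestion time catches events whose host data would otherwise be silently missed by detections written against source.host or destination.host.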