System host dataset
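This functionality is in beta and is subject to change. The design and code are less mature than official GA features and are provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features.
This is the host dataset of the system module.
It is implemented for Linux, macOS (Darwin), and Windows.
Example dashboard
This dataset comes with a sample dashboard.
Fields
For a description of each field in the dataset, see the exported fields section.
Here is an example document generated by this dataset: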
{
  "@timestamp": "2017-10-12T08:05:34.853Z",
  "agent": {
    "hostname": "host.example.com",
    "name": "host.example.com"
  },
  "event": {
    "action": "host",
    "dataset": "host",
    "module": "system",
    "kind": "state"
  },
  "message": "Ubuntu host ubuntu-bionic (IP: 10.0.2.15) is up for 0 days, 5 hours, 11 minutes",
  "service": {
    "type": "system"
  },
  "system": {
    "audit": {
      "host": {
        "architecture": "x86_64",
        "boottime": "2018-12-10T15:48:44Z",
        "containerized": false,
        "hostname": "ubuntu-bionic",
        "id": "6f7be6fb33e6c77f057266415c094408",
        "ip": [
          "10.0.2.15",
          "fe80::2d:fdff:fe81:e747",
          "172.28.128.3",
          "fe80::a00:27ff:fe1f:7160",
          "172.17.0.1",
          "fe80::42:83ff:febe:1a3a",
          "172.18.0.1",
          "fe80::42:9eff:fed3:d888"
        ],
        "mac": [
          "02-2D-FD-81-E7-47",
          "08-00-27-1F-71-60",
          "02-42-83-BE-1A-3A",
          "02-42-9E-D3-D8-88"
        ],
        "os": {
          "family": "debian",
          "kernel": "4.15.0-42-generic",
          "name": "Ubuntu",
          "platform": "ubuntu",
          "version": "18.04.1 LTS (Bionic Beaver)"
        },
        "timezone.name": "UTC",
        "timezone.offset.sec": 0,
        "type": "linux",
        "uptime": 18661357350265
      }
    }
  }
}
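As an added example (not part of the original documentation or of the module's own code), the sketch below compares two state documents for the same host ID and reports inventory drift in the system.audit.host fields shown in the sample document. The helper names and the values in the second snapshot are constructed for illustration.

```python
# Added example: field names follow the sample document; the second snapshot's
# values (new IP, new MAC, later boot time) are constructed for illustration.
SET_FIELDS = ("ip", "mac")
SCALAR_FIELDS = ("hostname", "boottime", "os.kernel", "containerized", "timezone.name")

def make_doc(ip, mac, kernel, boottime):
    """Build a trimmed host-dataset document (hypothetical helper for sample data)."""
    return {"event": {"module": "system", "dataset": "host", "kind": "state"},
            "system": {"audit": {"host": {
                "id": "6f7be6fb33e6c77f057266415c094408", "hostname": "ubuntu-bionic",
                "ip": ip, "mac": mac, "boottime": boottime, "containerized": False,
                "os": {"kernel": kernel}, "timezone.name": "UTC"}}}}

def host_fields(doc):
    """Return system.audit.host, rejecting documents from other datasets."""
    event = doc.get("event", {})
    if event.get("module") != "system" or event.get("dataset") != "host":
        raise ValueError("not a system/host document")
    return doc["system"]["audit"]["host"]

def lookup(host, path):
    """Resolve a dotted path stored flat ('timezone.name') or nested ('os' -> 'kernel')."""
    if path in host:
        return host[path]
    node = host
    for part in path.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node

def diff_host_state(old_doc, new_doc):
    """List (field, kind, detail) tuples for changes between two snapshots of one host."""
    old, new = host_fields(old_doc), host_fields(new_doc)
    if old.get("id") != new.get("id"):
        raise ValueError("snapshots belong to different hosts")
    changes = []
    for field in SET_FIELDS:
        before, after = set(old.get(field, [])), set(new.get(field, []))
        changes += [(field, "added", v) for v in sorted(after - before)]
        changes += [(field, "removed", v) for v in sorted(before - after)]
    for field in SCALAR_FIELDS:
        b, a = lookup(old, field), lookup(new, field)
        if b != a:
            changes.append((field, "changed", f"{b} -> {a}"))
    return changes

BASELINE = make_doc(["10.0.2.15", "172.17.0.1"], ["02-2D-FD-81-E7-47"],
                    "4.15.0-42-generic", "2018-12-10T15:48:44Z")
LATER = make_doc(["10.0.2.15", "192.0.2.44"], ["02-2D-FD-81-E7-47", "02-00-5E-00-53-01"],
                 "4.15.0-42-generic", "2018-12-11T09:00:00Z")
```

Calling diff_host_state(BASELINE, LATER) returns the added and removed addresses plus the changed boot time; an unexpected MAC or a boot time change outside a maintenance window is the kind of drift worth reviewing.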