diff --git a/CHANGELOG.next.md b/CHANGELOG.next.md
index 029229ee84..f867516024 100644
--- a/CHANGELOG.next.md
+++ b/CHANGELOG.next.md
@@ -14,6 +14,8 @@ Thanks, you're awesome :-) -->
 #### Bugfixes
+Updated description for 'syslog.severity.name' to clarify that the type is text-based. #2290
+
 #### Added
 #### Improvements
@@ -30,6 +32,8 @@ Thanks, you're awesome :-) -->
 #### Improvements
+
+
 #### Deprecated
diff --git a/docs/fields/field-details.asciidoc b/docs/fields/field-details.asciidoc
index b71ae31f60..8cd6f45b6e 100644
--- a/docs/fields/field-details.asciidoc
+++ b/docs/fields/field-details.asciidoc
@@ -5910,7 +5910,7 @@ example: `3`
 [[field-log-syslog-severity-name]]
 <>
-a| The Syslog numeric severity of the log event, if available.
+a| The Syslog text-based severity of the log event, if available.
 If the event source publishing via Syslog provides a different severity value (e.g. firewall, IDS), your source's text severity should go to `log.level`. If the event source does not specify a distinct severity, you can optionally copy the Syslog severity to `log.level`.
diff --git a/experimental/generated/beats/fields.ecs.yml b/experimental/generated/beats/fields.ecs.yml
index 27ee873efa..9b2950d359 100644
--- a/experimental/generated/beats/fields.ecs.yml
+++ b/experimental/generated/beats/fields.ecs.yml
@@ -3965,7 +3965,7 @@ level: extended
 type: keyword
 ignore_above: 1024
- description: 'The Syslog numeric severity of the log event, if available.
+ description: 'The Syslog text-based severity of the log event, if available.
 If the event source publishing via Syslog provides a different severity value (e.g. firewall, IDS), your source''s text severity should go to `log.level`.
diff --git a/experimental/generated/ecs/ecs_flat.yml b/experimental/generated/ecs/ecs_flat.yml
index 9b74b8e01a..701500a314 100644
--- a/experimental/generated/ecs/ecs_flat.yml
+++ b/experimental/generated/ecs/ecs_flat.yml
@@ -6502,7 +6502,7 @@ log.syslog.severity.code:
 type: long
 log.syslog.severity.name:
 dashed_name: log-syslog-severity-name
- description: 'The Syslog numeric severity of the log event, if available.
+ description: 'The Syslog text-based severity of the log event, if available.
 If the event source publishing via Syslog provides a different severity value (e.g. firewall, IDS), your source''s text severity should go to `log.level`. If
diff --git a/experimental/generated/ecs/ecs_nested.yml b/experimental/generated/ecs/ecs_nested.yml
index 0eee0300d9..a31d8b6e1a 100644
--- a/experimental/generated/ecs/ecs_nested.yml
+++ b/experimental/generated/ecs/ecs_nested.yml
@@ -7990,7 +7990,7 @@ log:
 type: long
 log.syslog.severity.name:
 dashed_name: log-syslog-severity-name
- description: 'The Syslog numeric severity of the log event, if available.
+ description: 'The Syslog text-based severity of the log event, if available.
 If the event source publishing via Syslog provides a different severity value (e.g. firewall, IDS), your source''s text severity should go to `log.level`.
diff --git a/generated/beats/fields.ecs.yml b/generated/beats/fields.ecs.yml
index 0c45bd930d..f58a6523f2 100644
--- a/generated/beats/fields.ecs.yml
+++ b/generated/beats/fields.ecs.yml
@@ -3915,7 +3915,7 @@ level: extended
 type: keyword
 ignore_above: 1024
- description: 'The Syslog numeric severity of the log event, if available.
+ description: 'The Syslog text-based severity of the log event, if available.
 If the event source publishing via Syslog provides a different severity value (e.g. firewall, IDS), your source''s text severity should go to `log.level`.
diff --git a/generated/ecs/ecs_flat.yml b/generated/ecs/ecs_flat.yml
index e5f035baa7..b933e4cdbe 100644
--- a/generated/ecs/ecs_flat.yml
+++ b/generated/ecs/ecs_flat.yml
@@ -6433,7 +6433,7 @@ log.syslog.severity.code:
 type: long
 log.syslog.severity.name:
 dashed_name: log-syslog-severity-name
- description: 'The Syslog numeric severity of the log event, if available.
+ description: 'The Syslog text-based severity of the log event, if available.
 If the event source publishing via Syslog provides a different severity value (e.g. firewall, IDS), your source''s text severity should go to `log.level`. If
diff --git a/generated/ecs/ecs_nested.yml b/generated/ecs/ecs_nested.yml
index 048948d37f..f32a4807a0 100644
--- a/generated/ecs/ecs_nested.yml
+++ b/generated/ecs/ecs_nested.yml
@@ -7910,7 +7910,7 @@ log:
 type: long
 log.syslog.severity.name:
 dashed_name: log-syslog-severity-name
- description: 'The Syslog numeric severity of the log event, if available.
+ description: 'The Syslog text-based severity of the log event, if available.
 If the event source publishing via Syslog provides a different severity value (e.g. firewall, IDS), your source''s text severity should go to `log.level`.
diff --git a/schemas/log.yml b/schemas/log.yml
index 2d90ef0a96..5831cf1541 100644
--- a/schemas/log.yml
+++ b/schemas/log.yml
@@ -119,7 +119,7 @@ example: Error
 short: Syslog text-based severity of the event.
 description: >
- The Syslog numeric severity of the log event, if available.
+ The Syslog text-based severity of the log event, if available.
 If the event source publishing via Syslog provides a different severity value (e.g. firewall, IDS), your source's text severity should go to `log.level`.