Skip to content

Others Schema

Others schema specifies the schema for error events that occurred during parsing or storage process. It is derived from ECS schema naming.

---
define:
  name: Others Schema
  type: lmio/schema

fields:

  _id:
    type: "str"
    representation: "base85"
    docs: Unique identifier for the event, encoded in base85 format

  '@timestamp':
    type: "datetime"
    docs: Timestamp when the others event occurred (this should be the current time)

  event.ingested:
    type: "datetime"
    docs: Timestamp when the event was ingested

  event.created:
    type: "datetime"
    docs: Timestamp when the event was created

  event.original:
    type: "str"
    elasticsearch:
      type: "text"
    docs: Original unparsed event message

  event.dataset:
    type: "str"
    docs: Dataset name for the event

  error.code:
    type: "str"
    docs: https://www.elastic.co/guide/en/ecs/current/ecs-error.html#field-error-code

  error.id:
    type: "str"
    docs: Unique identifier for the error

  error.message:
    type: "text"
    elasticsearch:
      type: "text"
    docs: Error message details

  error.stack_trace:
    type: "text"
    elasticsearch:
      type: "text"
    docs: Stack trace information for the error

  error.type:
    type: "str"
    docs: Type of error encountered

  tenant:
    type: "str"
    docs: Identifier for the tenant