Why does client.version field does not exist?

Hello,

I wonder why the client.version field does not exist in the ECS ?
Does it have to be a custom field ?

There is a agent.version, a service.version, but client.version does not exist.

Edit: I see that server.version and source.version do not exist either, it seems related (to the thing I don't get ).

Usecase: I have to process vpn server logs, the client version appears in the logs, and I want to store it. I can obviously make a custom vpn.client.version but I thought there was a more generic approach.

TY in advance for your response,
Babs

Hi, @babs!

In ECS the client.* fields describes the initiator of a network connection between a client/server. The type of software client you're describing is often a good candidate to use the service.* fields.

ECS defines service.origin.version as a nesting of service.*, and I see the field being a good fit for your use case.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.