Why does client.version field does not exist?

babs · October 27, 2023, 8:47am

Hello,

I wonder why the client.version field does not exist in the ECS ?
Does it have to be a custom field ?

There is a agent.version, a service.version, but client.version does not exist.

Edit: I see that server.version and source.version do not exist either, it seems related (to the thing I don't get ).

Usecase: I have to process vpn server logs, the client version appears in the logs, and I want to store it. I can obviously make a custom vpn.client.version but I thought there was a more generic approach.

TY in advance for your response,
Babs

ebeahan · October 27, 2023, 1:55pm

Hi, @babs!

In ECS the client.* fields describes the initiator of a network connection between a client/server. The type of software client you're describing is often a good candidate to use the service.* fields.

ECS defines service.origin.version as a nesting of service.*, and I see the field being a good fit for your use case.

system · November 24, 2023, 1:56pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
ECS field for client id Elastic Observability ecs-elastic-common-schema	1	458	December 2, 2022
ES Template versioning Elasticsearch	2	730	February 11, 2019
Custom fields in ECS Elasticsearch ecs-elastic-common-schema	3	1110	November 19, 2019
How does ES version map to the official clients (e.g. python)? Elasticsearch	4	319	July 6, 2017
Return _version with query hits Elasticsearch	4	11731	July 6, 2017

Why does client.version field does not exist?

Related topics