Why does client.version field does not exist?

babs · October 27, 2023, 8:47am

Hello,

I wonder why the client.version field does not exist in the ECS ?
Does it have to be a custom field ?

There is a agent.version, a service.version, but client.version does not exist.

Edit: I see that server.version and source.version do not exist either, it seems related (to the thing I don't get ).

Usecase: I have to process vpn server logs, the client version appears in the logs, and I want to store it. I can obviously make a custom vpn.client.version but I thought there was a more generic approach.

TY in advance for your response,
Babs

ebeahan · October 27, 2023, 1:55pm

Hi, @babs!

In ECS the client.* fields describes the initiator of a network connection between a client/server. The type of software client you're describing is often a good candidate to use the service.* fields.

ECS defines service.origin.version as a nesting of service.*, and I see the field being a good fit for your use case.

system · November 24, 2023, 1:56pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Getting version info from TransportClient request? Elasticsearch	1	344	July 6, 2017
Elasticsearch Upgrade to Version 1.4.4 Elasticsearch	2	361	July 6, 2017
Elasticsearch Version Upgrade Elasticsearch	8	396	July 6, 2017
Versioning of Elastica Elasticsearch	3	490	July 6, 2017
How does ES version map to the official clients (e.g. python)? Elasticsearch	4	344	July 6, 2017

Why does client.version field does not exist?

Related topics