Orchestrator fields
Elastic Stack Serverless
Fields that describe the resources which container orchestrators manage or act upon.
| Field | Description | Level |
|---|---|---|
| orchestrator.api_version | API version being used to carry out the action type: keyword example: v1beta1 |
extended |
| orchestrator.cluster.id | Unique ID of the cluster. type: keyword |
extended |
| orchestrator.cluster.name | Name of the cluster. type: keyword |
extended |
| orchestrator.cluster.url | URL of the API used to manage the cluster. type: keyword |
extended |
| orchestrator.cluster.version | The version of the cluster. type: keyword |
extended |
| orchestrator.namespace | Namespace in which the action is taking place. type: keyword example: kube-system |
extended |
| orchestrator.organization | Organization affected by the event (for multi-tenant orchestrator setups). type: keyword example: elastic |
extended |
| orchestrator.resource.annotation | The list of annotations added to the resource. type: keyword Note: this field should contain an array of values. example: ['key1:value1', 'key2:value2', 'key3:value3'] |
extended |
| orchestrator.resource.id | Unique ID of the resource being acted upon. type: keyword |
extended |
| orchestrator.resource.ip | IP address assigned to the resource associated with the event being observed. In the case of a Kubernetes Pod, this array would contain only one element: the IP of the Pod (as opposed to the Node on which the Pod is running). type: ip Note: this field should contain an array of values. |
extended |
| orchestrator.resource.label | The list of labels added to the resource. type: keyword Note: this field should contain an array of values. example: ['key1:value1', 'key2:value2', 'key3:value3'] |
extended |
| orchestrator.resource.name | Name of the resource being acted upon. type: keyword example: test-pod-cdcws |
extended |
| orchestrator.resource.parent.type | Type or kind of the parent resource associated with the event being observed. In Kubernetes, this will be the name of a built-in workload resource (e.g., Deployment, StatefulSet, DaemonSet). type: keyword example: DaemonSet |
extended |
| orchestrator.resource.type | Type of resource being acted upon. type: keyword example: service |
extended |
| orchestrator.type | Orchestrator cluster type (e.g. kubernetes, nomad or cloudfoundry). type: keyword example: kubernetes |
extended |