Volume fields
Elastic Stack Serverless
Fields related to storage volume details.
Warning
These fields are beta and are subject to change.
| Field | Description | Level |
|---|---|---|
| volume.bus_type | Bus type of the device, such as Nvme, Usb, or FileBackedVirtual.type: keyword example: FileBackedVirtual |
extended |
| volume.default_access | Describes the default access(es) of the volume. type: keyword |
extended |
| volume.device_name | Full path of the volume device. Only populate this field for POSIX system volumes. type: keyword |
extended |
| volume.device_type | Volume device type. The most frequently seen volume device types are Disk File System and CD-ROM File System.type: keyword example: CD-ROM File System |
extended |
| volume.dos_name | The MS-DOS name of a device. DOS device name is in the format of driver letters, such as C:. The field is relevant to Windows systems only.type: keyword example: E: |
extended |
| volume.file_system_type | Volume device file system type. The most common volume file system types are NTFS and UDF.type: keyword |
extended |
| volume.mount_name | Mount name of the volume device. Only populate this field for POSIX system volumes. type: keyword |
extended |
| volume.nt_name | The NT device name. NT device name uses a format of \Device\HarddiskVolume2. The field is relevant to Windows systems only.type: keyword example: \Device\Cdrom1 |
extended |
| volume.product_id | ProductID of the device. The vendor provides the ProductID for the volume, if any. type: keyword |
extended |
| volume.product_name | Product name of the volume. The volume device vendor provides this value. type: keyword example: Virtual DVD-ROM |
extended |
| volume.removable | Indicates if the volume is removable. type: boolean |
extended |
| volume.serial_number | Serial number identifier for the volume device. The serial number is provided by the vendor of the device, if any. type: keyword |
extended |
| volume.size | Size of the volume device in bytes. type: long |
extended |
| volume.vendor_id | VendorID of the volume device. The volume device vendor provides this value. type: keyword |
extended |
| volume.vendor_name | Vendor name of the volume device. The value is provided by the vendor of the device. type: keyword example: Msft |
extended |
| volume.writable | Indicates if the volume is writable. type: boolean |
extended |