youtubebeat/vendor/github.com/elastic/beats/metricbeat/module/system/socket/_meta/fields.yml

- name: socket
  type: group
  description: >
    TCP sockets that are active.    
  release: ga
  fields:
    - name: direction
      type: keyword
      example: incoming
      description: >
        How the socket was initiated. Possible values are incoming, outgoing,
        or listening.        

    - name: family
      type: keyword
      example: ipv4
      description: >
        Address family.        

    - name: local.ip
      type: ip
      example: 192.0.2.1 or 2001:0DB8:ABED:8536::1
      description: >
        Local IP address. This can be an IPv4 or IPv6 address.        

    - name: local.port
      type: long
      example: 22
      description: >
        Local port.        

    - name: remote.ip
      type: ip
      example: 192.0.2.1 or 2001:0DB8:ABED:8536::1
      description: >
        Remote IP address. This can be an IPv4 or IPv6 address.        

    - name: remote.port
      type: long
      example: 22
      description: >
        Remote port.        

    - name: remote.host
      type: keyword
      example: 76-211-117-36.nw.example.com.
      description: >
        PTR record associated with the remote IP. It is obtained via reverse
        IP lookup.        

    - name: remote.etld_plus_one
      type: keyword
      example: example.com.
      description: >
       The effective top-level domain (eTLD) of the remote host plus one more
       label. For example, the eTLD+1 for "foo.bar.golang.org." is "golang.org.".
       The data for determining the eTLD comes from an embedded copy of the data
       from http://publicsuffix.org.       

    - name: remote.host_error
      type: keyword
      description: >
        Error describing the cause of the reverse lookup failure.        

    - name: process.pid
      type: long
      description: >
        ID of the process that opened the socket.        

    - name: process.command
      type: keyword
      description: >
        Name of the command (limited to 20 chars by the OS).        

    - name: process.cmdline
      type: keyword
      description: >

    - name: process.exe
      type: keyword
      description: >
        Absolute path to the executable.        

    - name: user.id
      type: long
      description: >
        UID of the user running the process.        

    - name: user.name
      type: keyword
      description: >
        Name of the user running the process.