diff --git a/rfcs/text/0006-host-identifiers.md b/rfcs/text/0006-host-identifiers.md new file mode 100644 index 0000000000..21b2f72261 --- /dev/null +++ b/rfcs/text/0006-host-identifiers.md @@ -0,0 +1,61 @@ +# 0006: Host Identifiers + + +- Stage: **0 (strawperson)** +- Date: **2020-09-08** + + + + + +Many sources populating event `host.*` fields have different behaviors in how the host values are set. This can cause confusion, complexity, and frustration for users expecting to easily identify unique hosts in their environments. This RFC proposes establishing a common convention to ensure more consistent mapping of these host identifier fields. + +At the time of writing, the following are several known challenges caused by these inconsistencies: + +* Confusion between the `host.name` and `host.hostname` fields +* Unicity problems in raw hostnames. This can be common with workstations on certain OSes, for example a fleet of "MacBook-Pro.local" +* Unicity problems in host.ids (e.g. misconfigured config management tools, machine images, disk snapshots, etc.) +* Usage of unqualified vs. fully-qualified hostnames in the same fields (by different data sources) leads to host duplication + +## People + +The following are the people that consulted on the contents of this RFC. + +* @ebeahan | author +* @webmat | co-author + + + + +## References + + +* https://github.com/elastic/beats/issues/1070#issuecomment-677782937 +* https://github.com/elastic/kibana/pull/74272 +* https://github.com/elastic/beats/issues/18043#issuecomment-623501936 + +### RFC Pull Requests + + + +* Stage 0: https://github.com/elastic/ecs/pull/955 + +
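Review bot: In the list of known challenges, the third bullet writes host.ids as plain text, while the first bullet uses backticks for `host.name` and `host.hostname`. The ECS field is `host.id`, so I suggest "Unicity problems in `host.id` values", which avoids implying a separate plural field. The summary paragraph says the RFC proposes a common convention, but the added text only lists the problems. Even at stage 0, one sentence on what the convention should decide would give reviewers something concrete to respond to: for example, which field consumers should treat as the unique host key, and whether `host.name` carries the short or the fully-qualified name. This matters most to anyone correlating events per host, since both the duplicated-hostname and the cloned-`host.id` cases described here merge or split hosts silently. Minor: "Unicity" appears twice, and "uniqueness" would read more naturally.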