Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[RFC] Host Identifiers #955

Merged
merged 5 commits into from
Sep 8, 2020
Merged

[RFC] Host Identifiers #955

Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
22a61ff
adding host identifiers RFC
ebeahan Aug 26, 2020
06fe2ad
adding stage 0 PR link
ebeahan Aug 26, 2020
f2f9e22
Apply suggestions from code review
ebeahan Aug 27, 2020
5656d10
assigning rfc number and date
ebeahan Sep 8, 2020
8817acf
adding co-author
ebeahan Sep 8, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
61 changes: 61 additions & 0 deletions rfcs/text/0006-host-identifiers.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
# 0006: Host Identifiers
<!-- Leave this ID at 0000. The ECS team will assign a unique, contiguous RFC number upon merging the initial stage of this RFC. -->

- Stage: **0 (strawperson)** <!-- Update to reflect target stage. See https://elastic.github.io/ecs/stages.html -->
- Date: **2020-09-08** <!-- The ECS team sets this date at merge time. This is the date of the latest stage advancement. -->

<!--
As you work on your RFC, use the "Stage N" comments to guide you in what you should focus on, for the stage you're targeting.
Feel free to remove these comments as you go along.
-->

<!--
Stage 0: Provide a high level summary of the premise of these changes. Briefly describe the nature, purpose, and impact of the changes. ~2-5 sentences.
-->

Many sources populating event `host.*` fields have different behaviors in how the host values are set. This can cause confusion, complexity, and frustration for users expecting to easily identify unique hosts in their environments. This RFC proposes establishing a common convention to ensure more consistent mapping of these host identifier fields.

At the time of writing, the following are several known challenges caused by these inconsistencies:

* Confusion between the `host.name` and `host.hostname` fields
* Unicity problems in raw hostnames. This can be common with workstations on certain OSes, for example a fleet of "MacBook-Pro.local"
* Unicity problems in host.ids (e.g. misconfigured config management tools, machine images, disk snapshots, etc.)
* Usage of unqualified vs. fully-qualified hostnames in the same fields (by different data sources) leads to host duplication

## People

The following are the people that consulted on the contents of this RFC.

* @ebeahan | author
* @webmat | co-author

<!--
Who will be or has consulted on the contents of this RFC? Identify authorship and sponsorship, and optionally identify the nature of involvement of others. Link to GitHub aliases where possible. This list will likely change or grow stage after stage.

e.g.:

* @Yasmina | author
* @Monique | sponsor
* @EunJung | subject matter expert
* @JaneDoe | grammar, spelling, prose
* @Mariana
-->


## References

<!-- Insert any links appropriate to this RFC in this section. -->
* https://github.com/elastic/beats/issues/1070#issuecomment-677782937
* https://github.com/elastic/kibana/pull/74272
* https://github.com/elastic/beats/issues/18043#issuecomment-623501936

### RFC Pull Requests

<!-- An RFC should link to the PRs for each of it stage advancements. -->

* Stage 0: https://github.com/elastic/ecs/pull/955

<!--
* Stage 1: https://github.com/elastic/ecs/pull/NNN
...
-->