Rename delivery_timestamp custom group to 'base'

Now delivery_timestamp can be used as part of base Updated the command subset.yml
wazuh · Nov 28, 2024 · 280e36e · 280e36e
1 parent db6147d
commit 280e36e
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 6 deletions.
diff --git a/ecs/command/fields/custom/base.yml b/ecs/command/fields/custom/base.yml
@@ -0,0 +1,9 @@
+- name: base
+  title: Wazuh base fields
+  root: true
+  fields:
+    - name: delivery_timestamp
+      type: date
+      level: custom
+      description: >
+        The latest date-time for the command to be delivered. Calculated as the current timestamp plus the timeout.
diff --git a/ecs/command/fields/custom/delivery_timestamp.yml b/ecs/command/fields/custom/delivery_timestamp.yml
diff --git a/ecs/command/fields/subset.yml b/ecs/command/fields/subset.yml
@@ -5,9 +5,9 @@ fields:
     fields:
       tags: []
       "@timestamp": {}
+      "delivery_timestamp": {}
   agent:
     fields:
       groups: {}
   command:
     fields: "*"
-  delivery_timestamp: {}