# NOTE(review): the scalars Time, JSON, GeoPoint and Long and the @key
# directive used below are not declared in this part of the schema;
# presumably they are defined elsewhere - confirm.

# Root query type.
#
# NOTE(review): the schema does not say what `name` selects or what the
# returned strings are. The argument is nullable, so the resolver has to
# handle a missing name. No authorization directive is attached here, so any
# access control would have to live in the resolver - confirm.
type Query {
  fetch(name : String) : [String]
}

# Type of supported streams.
enum StreamType {
  logs
  metrics
  traces
  synthetics
}

# The most common attributes shared by all top-level entities.
interface BaseRecord {
  # Date/time when the event originated.
  #
  # This is the date/time extracted from the event, typically representing when
  # the event was generated by the source.
  #
  # If the event source has no original timestamp, this value is typically populated
  # by the first time the event was received by the pipeline.
  #
  # Required field for all events.
  timestamp : Time!

  # Custom key/value pairs.
  #
  # Can be used to add meta information to events. Should not contain nested objects.
  # All values are stored as keyword.
  #
  # Example: {"application": "foo-bar", "env": "production"}
  #
  # NOTE(review): the field is typed with the JSON scalar, so the "no nested
  # objects" rule is not expressed in this schema; presumably it is checked
  # when events are ingested - confirm.
  labels : JSON

  # For log events the message field contains the log message, optimized
  # for viewing in a log viewer.
  #
  # For structured logs without an original message field, other fields can be
  # concatenated to form a human-readable summary of the event.
  #
  # If multiple messages exist, they can be combined into one message.
  #
  # NOTE(review): the text originates from the event source; a viewer that
  # renders it should presumably treat it as untrusted input - confirm.
  message: String

  # List of keywords used to tag each event.
  tags: [String]

  # Key-value pairs representing vendor-specific properties.
  #
  # NOTE(review): typed with the JSON scalar like `labels`; this schema puts
  # no constraint on its shape.
  attributes: JSON
}

# The data stream naming scheme combines the values of the data stream fields
# into the name of the actual data stream in the following manner:
# {data_stream.type}-{data_stream.dataset}-{data_stream.namespace}.
# This means the fields can only contain characters that are valid as part of
# names of data streams.
#
# NOTE(review): `namespace` and `dataset` are plain String here, so that
# character restriction is not enforced by the schema. `namespace` is user
# defined, so presumably both values are validated before a stream name is
# built from them - confirm.
type StreamSet {
  # An overarching type for the data stream.
  streamType: StreamType

  # A user-defined namespace. Namespaces are useful to allow grouping of data.
  #
  # Many users already organize their indices this way, and the data stream
  # naming scheme now provides this best practice as a default. Many users will
  # populate this field with default.
  # If no value is used, it falls back to default.
  namespace:String

  # The field can contain anything that makes sense to signify the source of the data.
  # Examples include nginx.access, prometheus, endpoint etc. For data streams
  # that otherwise fit, but that do not have dataset set we use the value
  # "generic" for the dataset value.
  # event.dataset should have the same value as data_stream.dataset.
  dataset:String
}

# Container for geographic fields.
type Geo {
  timezone:String
  regionName:String
  regionIsoCode:String
  postalCode:String

  # User-defined description of a location, at the level of granularity
  # they care about.
  name:String

  # Longitude and latitude.
  location:GeoPoint
  countryName:String
  countryIsoCode:String
  continentName:String

  # Two-letter code representing the continent's name.
  continentCode:String
  cityName:String
}

# An autonomous system (AS) is a collection of connected Internet Protocol (IP)
# routing prefixes under the control of one or more network operators on behalf
# of a single administrative entity or domain that presents a common, clearly
# defined routing policy to the internet.
#
# NOTE(review): @key names the `number` field in both of its arguments;
# presumably it marks that field as the entity key - confirm against the
# directive's definition.
type AutonomousSystem @key(fields: ["number"],name: "number" ){
  # Unique number allocated to the autonomous system. The autonomous system
  # number (ASN) uniquely identifies each network on the Internet.
  number: Long!

  # Organization name, such as amazon.com.
  organizationName:String
}

type Group {
  # Name of the group.
  # NOTE(review): the comment previously attached to this field repeated the
  # description of `domain` (directory name, e.g. an LDAP or Active Directory
  # domain name); confirm the intended wording.
  name:String

  # Unique identifier for the group on the system/platform.
  id:ID!

  # Name of the directory the group is a member of.
  #
  # For example, an LDAP or Active Directory domain name.
  domain:String
}

# The organization fields enrich data with information about the company or
# entity the data is associated with.
type Organization {
  id:ID!
  name:String
}