elastic · fgierlinger · Oct 6, 2023 · Oct 6, 2023 · Oct 6, 2023 · Oct 18, 2023
@@ -18,6 +18,8 @@ Thanks, you're awesome :-) -->
 
 #### Improvements
 
+Updated description for 'syslog.severity.name' to clarify that the type is text-based. #2290
+
 #### Deprecated
 
 ### Tooling and Artifact Changes
@@ -30,6 +32,8 @@ Thanks, you're awesome :-) -->
 
 #### Improvements
 
+
+
 #### Deprecated
 
 

@@ -5910,7 +5910,7 @@ example: `3`
 [[field-log-syslog-severity-name]]
 <<field-log-syslog-severity-name, log.syslog.severity.name>>
 
-a| The Syslog numeric severity of the log event, if available.
+a| The Syslog text-based severity of the log event, if available.
 
 If the event source publishing via Syslog provides a different severity value (e.g. firewall, IDS), your source's text severity should go to `log.level`. If the event source does not specify a distinct severity, you can optionally copy the Syslog severity to `log.level`.
 

@@ -3965,7 +3965,7 @@
       level: extended
       type: keyword
       ignore_above: 1024
-      description: 'The Syslog numeric severity of the log event, if available.
+      description: 'The Syslog text-based severity of the log event, if available.
 
         If the event source publishing via Syslog provides a different severity value
         (e.g. firewall, IDS), your source''s text severity should go to `log.level`.

@@ -6502,7 +6502,7 @@ log.syslog.severity.code:
   type: long
 log.syslog.severity.name:
   dashed_name: log-syslog-severity-name
-  description: 'The Syslog numeric severity of the log event, if available.
+  description: 'The Syslog text-based severity of the log event, if available.
 
     If the event source publishing via Syslog provides a different severity value
     (e.g. firewall, IDS), your source''s text severity should go to `log.level`. If

@@ -7990,7 +7990,7 @@ log:
       type: long
     log.syslog.severity.name:
       dashed_name: log-syslog-severity-name
-      description: 'The Syslog numeric severity of the log event, if available.
+      description: 'The Syslog text-based severity of the log event, if available.
 
         If the event source publishing via Syslog provides a different severity value
         (e.g. firewall, IDS), your source''s text severity should go to `log.level`.

@@ -3915,7 +3915,7 @@
       level: extended
       type: keyword
       ignore_above: 1024
-      description: 'The Syslog numeric severity of the log event, if available.
+      description: 'The Syslog text-based severity of the log event, if available.
 
         If the event source publishing via Syslog provides a different severity value
         (e.g. firewall, IDS), your source''s text severity should go to `log.level`.

@@ -6433,7 +6433,7 @@ log.syslog.severity.code:
   type: long
 log.syslog.severity.name:
   dashed_name: log-syslog-severity-name
-  description: 'The Syslog numeric severity of the log event, if available.
+  description: 'The Syslog text-based severity of the log event, if available.
 
     If the event source publishing via Syslog provides a different severity value
     (e.g. firewall, IDS), your source''s text severity should go to `log.level`. If

@@ -7910,7 +7910,7 @@ log:
       type: long
     log.syslog.severity.name:
       dashed_name: log-syslog-severity-name
-      description: 'The Syslog numeric severity of the log event, if available.
+      description: 'The Syslog text-based severity of the log event, if available.
 
         If the event source publishing via Syslog provides a different severity value
         (e.g. firewall, IDS), your source''s text severity should go to `log.level`.

@@ -119,7 +119,7 @@
       example: Error
       short: Syslog text-based severity of the event.
       description: >
-        The Syslog numeric severity of the log event, if available.
+        The Syslog text-based severity of the log event, if available.
 
         If the event source publishing via Syslog provides a different severity
         value (e.g. firewall, IDS), your source's text severity should go to `log.level`.