All SaltMiner indices follow the ECS convention of using the following fields in all documents.
| Field | Description |
|---|---|
| id | Unique identifier for this document. As a rule this field exists on all document and is the primary key. When a field flows down the id is generally copied to the <indices>.id field. required: Yes type: keyword |
| timestamp | system timestamp for this document?UTC or time zone included? type: timestamp example: 2020-11-02T23:57:04.344886 |