- `user_agent` - Populate `user_agent.version` and `user_agent.os.version`, not major/minor/patch. Will need to revisit most access log modules to fix this. - Use `user_agent.os.full` (not `user_agent.os.full_name`) to save what was in `user_agent.os` - Leverage the new `.address` fields for the ambiguous address, prior to extracting an IP or domain - Domain should look like a domain. Don't get sockets in `.domain` - Use `client` / `server` as well, where it makes sense - After HTTP field set is imported (#9645) - Transition the http size metrics (Traefik, Kibana) - `filebeat/_meta/fields.common.yml` defines `http.response.content_length` which should become an alias to `http.response.body.size`(may impact many modules) - Deprecate usage of `http.response.elapsed_time` - `network.direction:inbound` for access logs?