WARNING: Version 5.5 of Filebeat has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Apache2 Fields
editApache2 Fields
editApache2 Module
apache2 Fields
editApache2 fields.
access Fields
editContains fields for the Apache2 HTTPD access logs.
apache2.access.remote_ip
edittype: keyword
Client IP address.
apache2.access.user_name
edittype: keyword
The user name used when basic authentication is used.
apache2.access.method
edittype: keyword
example: GET
The request HTTP method.
apache2.access.url
edittype: keyword
The request HTTP URL.
apache2.access.http_version
edittype: keyword
The HTTP version.
apache2.access.response_code
edittype: long
The HTTP response code.
apache2.access.body_sent.bytes
edittype: long
format: bytes
The number of bytes of the server response body.
apache2.access.referrer
edittype: keyword
The HTTP referrer.
apache2.access.agent
edittype: text
Contains the un-parsed user agent string. Only present if the user agent Elasticsearch plugin is not available or not used.
user_agent Fields
editContains the parsed User agent field. Only present if the user agent Elasticsearch plugin is available and used.
apache2.access.user_agent.device
edittype: keyword
The name of the physical device.
apache2.access.user_agent.major
edittype: long
The major version of the user agent.
apache2.access.user_agent.minor
edittype: long
The minor version of the user agent.
apache2.access.user_agent.patch
edittype: keyword
The patch version of the user agent.
apache2.access.user_agent.name
edittype: keyword
example: Chrome
The name of the user agent.
apache2.access.user_agent.os
edittype: keyword
The name of the operating system.
apache2.access.user_agent.os_major
edittype: long
The major version of the operating system.
apache2.access.user_agent.os_minor
edittype: long
The minor version of the operating system.
apache2.access.user_agent.os_name
edittype: keyword
The name of the operating system.
geoip Fields
editContains GeoIP information gathered based on the remote_ip field. Only present if the GeoIP Elasticsearch plugin is available and used.
apache2.access.geoip.continent_name
edittype: keyword
The name of the continent.
apache2.access.geoip.country_iso_code
edittype: keyword
Country ISO code.
apache2.access.geoip.location
edittype: geo_point
The longitude and latitude.
error Fields
editFields from the Apache error logs.
apache2.error.level
edittype: keyword
The severity level of the message.
apache2.error.client
edittype: keyword
The IP address of the client that generated the error.
apache2.error.message
edittype: text
The logged message.
apache2.error.pid
edittype: long
The process ID.
apache2.error.tid
edittype: long
The thread ID.
apache2.error.module
edittype: keyword
The module producing the logged message.