elasticsearch fields
elasticsearch Module
elasticsearch fields
-
elasticsearch.node.id
-
type: keyword
example: DSiWcTyeThWtUXLB9J0BMw
ID of the node
-
elasticsearch.node.name
-
type: keyword
example: vWNJsZ3
Name of the node
-
elasticsearch.index.name
-
type: keyword
example: filebeat-test-input
Index name
-
elasticsearch.index.id
-
type: keyword
example: aOGgDwbURfCV57AScqbCgw
Index id
-
elasticsearch.shard.id
-
type: keyword
example: 0
Id of the shard
audit fields
-
elasticsearch.audit.layer
-
type: keyword
example: rest
The layer from which this event originated: rest, transport or ip_filter
-
elasticsearch.audit.event_type
-
type: keyword
example: access_granted
The type of event that occurred: anonymous_access_denied, authentication_failed, access_denied, access_granted, connection_granted, connection_denied, tampered_request, run_as_granted, run_as_denied
-
elasticsearch.audit.origin_type
-
type: keyword
example: local_node
Where the request originated: rest (request originated from a REST API request), transport (request was received on the transport channel), local_node (the local node issued the request)
-
elasticsearch.audit.origin_address
-
type: ip
example: 192.168.1.42
The IP address from which the request originated
-
elasticsearch.audit.origin_port
-
type: integer
example: 9300
The TCP port from which the request originated
-
elasticsearch.audit.principal
-
type: keyword
example: _anonymous
The principal (username) that failed authentication
-
elasticsearch.audit.realm
-
type: keyword
The authentication realm
-
elasticsearch.audit.roles
-
type: keyword
example: [kibana_user, beats_admin]
Roles to which the principal belongs
-
elasticsearch.audit.action
-
type: keyword
example: cluster:monitor/main
The name of the action that was executed
-
elasticsearch.audit.uri
-
type: keyword
example: /_xpack/security/_authenticate
The REST endpoint URI
-
elasticsearch.audit.uri_params
-
type: text
example: {username=jacknich2}
REST URI parameters
-
elasticsearch.audit.indices
-
type: keyword
example: [foo-2019.01.04, foo-2019.01.03, foo-2019.01.06]
Indices accessed by action
-
elasticsearch.audit.request_id
-
type: keyword
example: WzL_kb6VSvOhAq0twPvHOQ
Unique ID of request
-
elasticsearch.audit.request_method
-
type: keyword
example: GET
Method of HTTP request
-
elasticsearch.audit.request
-
type: keyword
example: ClearScrollRequest
The type of request that was executed
-
elasticsearch.audit.request_body
-
type: text
example: body
The body of the request, if enabled
-
elasticsearch.audit.user_realm
-
type: keyword
example: __attach
The name of the realm that authenticated the user
deprecation fields
gc fields
GC fileset fields.
phase fields
Fields specific to GC phase.
-
elasticsearch.gc.phase.name
-
type: keyword
Name of the GC collection phase.
-
elasticsearch.gc.phase.duration_sec
-
type: float
Collection phase duration according to the Java virtual machine.
-
elasticsearch.gc.phase.scrub_symbol_table_time_sec
-
type: float
Pause time in seconds cleaning up symbol tables.
-
elasticsearch.gc.phase.scrub_string_table_time_sec
-
type: float
Pause time in seconds cleaning up string tables.
-
elasticsearch.gc.phase.weak_refs_processing_time_sec
-
type: float
Time spent processing weak references in seconds.
-
elasticsearch.gc.phase.parallel_rescan_time_sec
-
type: float
Time spent, in seconds, marking live objects while the application is stopped.
-
elasticsearch.gc.phase.class_unload_time_sec
-
type: float
Time spent unloading unused classes in seconds.
cpu_time fields
Process CPU time spent performing collections.
-
elasticsearch.gc.phase.cpu_time.user_sec
-
type: float
CPU time spent outside the kernel.
-
elasticsearch.gc.phase.cpu_time.sys_sec
-
type: float
CPU time spent inside the kernel.
-
elasticsearch.gc.phase.cpu_time.real_sec
-
type: float
Total elapsed CPU time spent to complete the collection from start to finish.
-
elasticsearch.gc.jvm_runtime_sec
-
type: float
The time from JVM start up in seconds, as a floating point number.
-
elasticsearch.gc.threads_total_stop_time_sec
-
type: float
Total stop time of garbage collection threads, in seconds.
-
elasticsearch.gc.stopping_threads_time_sec
-
type: float
Time it took to stop threads, in seconds.
-
elasticsearch.gc.tags
-
type: keyword
GC logging tags.
heap fields
Heap allocation and total size.
-
elasticsearch.gc.heap.size_kb
-
type: integer
Total heap size in kilobytes.
-
elasticsearch.gc.heap.used_kb
-
type: integer
Used heap in kilobytes.
old_gen fields
Old generation occupancy and total size.
-
elasticsearch.gc.old_gen.size_kb
-
type: integer
Total size of old generation in kilobytes.
-
elasticsearch.gc.old_gen.used_kb
-
type: integer
Old generation occupancy in kilobytes.
young_gen fields
Young generation occupancy and total size.
-
elasticsearch.gc.young_gen.size_kb
-
type: integer
Total size of young generation in kilobytes.
-
elasticsearch.gc.young_gen.used_kb
-
type: integer
Young generation occupancy in kilobytes.
server fields
Server log file
-
elasticsearch.server.component
-
type: keyword
example: o.e.c.m.MetaDataCreateIndexService
Log component
gc fields
GC log
young fields
Young GC
-
elasticsearch.server.gc.young.one
-
type: long
example:
-
elasticsearch.server.gc.young.two
-
type: long
example:
-
elasticsearch.server.gc.overhead_seq
-
type: long
example: 3449992
Sequence number
-
elasticsearch.server.gc.collection_duration.ms
-
type: float
example: 1600
Time spent in GC, in milliseconds
-
elasticsearch.server.gc.observation_duration.ms
-
type: float
example: 1800
Total time over which collection was observed, in milliseconds
slowlog fields
Slowlog events from Elasticsearch
-
elasticsearch.slowlog.logger
-
type: keyword
example: index.search.slowlog.fetch
Logger name
-
elasticsearch.slowlog.took
-
type: text
example: 300ms
Time it took to execute the query
-
elasticsearch.slowlog.types
-
type: keyword
example:
Types
-
elasticsearch.slowlog.stats
-
type: text
example:
Statistics
-
elasticsearch.slowlog.search_type
-
type: keyword
example: QUERY_THEN_FETCH
Search type
-
elasticsearch.slowlog.source_query
-
type: text
example: {"query":{"match_all":{"boost":1.0}}}
Slow query
-
elasticsearch.slowlog.extra_source
-
type: text
example:
Extra source information
-
elasticsearch.slowlog.took_millis
-
type: keyword
example: 42
Time taken, in milliseconds
-
elasticsearch.slowlog.total_hits
-
type: keyword
example: 42
Total hits
-
elasticsearch.slowlog.total_shards
-
type: keyword
example: 22
Total queried shards
-
elasticsearch.slowlog.routing
-
type: keyword
example: s01HZ2QBk9jw4gtgaFtn
Routing
-
elasticsearch.slowlog.id
-
type: keyword
example:
Id
-
elasticsearch.slowlog.type
-
type: keyword
example: doc
Type