- Filebeat Reference: other versions:
- Overview
- Getting Started With Filebeat
- Step 1: Install Filebeat
- Step 2: Configure Filebeat
- Step 3: Configure Filebeat to use Logstash
- Step 4: Load the index template in Elasticsearch
- Step 5: Set up the Kibana dashboards
- Step 6: Start Filebeat
- Step 7: View the sample Kibana dashboards
- Quick start: modules for common log formats
- Repositories for APT and YUM
- Setting up and running Filebeat
- Upgrading Filebeat
- How Filebeat works
- Configuring Filebeat
- Specify which modules to run
- Configure inputs
- Manage multiline messages
- Specify general settings
- Load external configuration files
- Configure the internal queue
- Configure the output
- Set up index lifecycle management
- Load balance the output hosts
- Specify SSL settings
- Filter and enhance the exported data
- Parse data by using ingest node
- Enrich events with geoIP information
- Set up project paths
- Set up the Kibana endpoint
- Load the Kibana dashboards
- Load the Elasticsearch index template
- Configure logging
- Use environment variables in the configuration
- Autodiscover
- YAML tips and gotchas
- Regular expression support
- HTTP Endpoint
- filebeat.reference.yml
- Beats central management
- Modules
- Exported fields
- Alias fields
- Apache2 fields
- Auditd fields
- Beat fields
- Cloud provider metadata fields
- Docker fields
- elasticsearch fields
- haproxy fields
- Host fields
- Icinga fields
- IIS fields
- Kafka fields
- kibana fields
- Kubernetes fields
- Log file content fields
- logstash fields
- mongodb fields
- MySQL fields
- Nginx fields
- Osquery fields
- PostgreSQL fields
- Redis fields
- System fields
- Traefik fields
- Monitoring Filebeat
- Securing Filebeat
- Troubleshooting
- Migrating from Logstash Forwarder to Filebeat
- Contributing to Beats
logstash fields
editlogstash fields
editlogstash Module
logstash fields
editlog fields
editFields from the Logstash logs.
-
logstash.log.message -
type: text
Contains the un-parsed log message
-
logstash.log.level -
type: keyword
The log level of the message, this correspond to Log4j levels.
-
logstash.log.module -
type: keyword
The module or class where the event originate.
-
logstash.log.thread -
type: text
Information about the running thread where the log originate.
-
logstash.log.log_event -
type: object
key and value debugging information.
slowlog fields
editslowlog
-
logstash.slowlog.message -
type: text
Contains the un-parsed log message
-
logstash.slowlog.level -
type: keyword
The log level of the message, this correspond to Log4j levels.
-
logstash.slowlog.module -
type: keyword
The module or class where the event originate.
-
logstash.slowlog.thread -
type: text
Information about the running thread where the log originate.
-
logstash.slowlog.event -
type: text
Raw dump of the original event
-
logstash.slowlog.plugin_name -
type: keyword
Name of the plugin
-
logstash.slowlog.plugin_type -
type: keyword
Type of the plugin: Inputs, Filters, Outputs or Codecs.
-
logstash.slowlog.took_in_millis -
type: long
Execution time for the plugin in milliseconds.
-
logstash.slowlog.took_in_nanos -
type: long
Execution time for the plugin in nanoseconds.
-
logstash.slowlog.plugin_params -
type: text
String value of the plugin configuration
-
logstash.slowlog.plugin_params_object -
type: object
key → value of the configuration used by the plugin.
On this page