NOTE: You are looking at documentation for an older release. For the latest information, see the current release documentation.

« Icinga fields Kafka fields »
Elastic Docs Filebeat Reference [6.8] Exported fields

IIS fields

edit

IIS fields

edit

Module for parsing IIS log files.

iis fields

edit

Fields from IIS log files.

access fields

edit

Contains fields for IIS access logs.

iis.access.server_ip

type: keyword

The server IP address.

iis.access.method

type: keyword

example: GET

The request HTTP method.

iis.access.url

type: keyword

The request HTTP URL.

iis.access.query_string

type: keyword

The request query string, if any.

iis.access.port

type: long

The request port number.

iis.access.user_name

type: keyword

The user name used when basic authentication is used.

iis.access.remote_ip

type: keyword

The client IP address.

iis.access.referrer

type: keyword

The HTTP referrer.

iis.access.response_code

type: long

The HTTP response code.

iis.access.sub_status

type: long

The HTTP substatus code.

iis.access.win32_status

type: long

The Windows status code.

iis.access.request_time_ms

type: long

The request time in milliseconds.

iis.access.site_name

type: keyword

The site name and instance number.

iis.access.server_name

type: keyword

The name of the server on which the log file entry was generated.

iis.access.http_version

type: keyword

The HTTP version.

iis.access.cookie

type: keyword

The content of the cookie sent or received, if any.

iis.access.hostname

type: keyword

The host header name, if any.

iis.access.body_sent.bytes

type: long

format: bytes

The number of bytes of the server response body.

iis.access.body_received.bytes

type: long

format: bytes

The number of bytes of the server request body.

iis.access.agent

type: text

Contains the un-parsed user agent string. Only present if the user agent Elasticsearch plugin is not available or not used.

user_agent fields

edit

Contains the parsed user agent field. Only present if the user agent Elasticsearch plugin is available and used.

iis.access.user_agent.device

type: keyword

The name of the physical device.

iis.access.user_agent.major

type: long

The major version of the user agent.

iis.access.user_agent.minor

type: long

The minor version of the user agent.

iis.access.user_agent.patch

type: keyword

The patch version of the user agent.

iis.access.user_agent.name

type: keyword

example: Chrome

The name of the user agent.

iis.access.user_agent.os

type: keyword

The name of the operating system.

iis.access.user_agent.os_major

type: long

The major version of the operating system.

iis.access.user_agent.os_minor

type: long

The minor version of the operating system.

iis.access.user_agent.os_name

type: keyword

The name of the operating system.

iis.access.user_agent.original

type: text

Original user agent value before parsing by ingest-user-agent plugin.

Field is not indexed.

geoip fields

edit

Contains GeoIP information gathered based on the remote_ip field. Only present if the GeoIP Elasticsearch plugin is available and used.

iis.access.geoip.continent_name

type: keyword

The name of the continent.

iis.access.geoip.country_iso_code

type: keyword

Country ISO code.

iis.access.geoip.location

type: geo_point

The longitude and latitude.

iis.access.geoip.region_name

type: keyword

The region name.

iis.access.geoip.city_name

type: keyword

The city name.

iis.access.geoip.region_iso_code

type: keyword

Region ISO code.

error fields

edit

Contains fields for IIS error logs.

iis.error.remote_ip

type: keyword

The client IP address.

iis.error.remote_port

type: long

The client port number.

iis.error.server_ip

type: keyword

The server IP address.

iis.error.server_port

type: long

The server port number.

iis.error.http_version

type: keyword

The HTTP version.

iis.error.method

type: keyword

example: GET

The request HTTP method.

iis.error.url

type: keyword

The request HTTP URL.

iis.error.response_code

type: long

The HTTP response code.

iis.error.reason_phrase

type: keyword

The HTTP reason phrase.

iis.error.queue_name

type: keyword

The IIS application pool name.

geoip fields

edit

Contains GeoIP information gathered based on the remote_ip field. Only present if the GeoIP Elasticsearch plugin is available and used.

iis.error.geoip.continent_name

type: keyword

The name of the continent.

iis.error.geoip.country_iso_code

type: keyword

Country ISO code.

iis.error.geoip.location

type: geo_point

The longitude and latitude.

iis.error.geoip.region_name

type: keyword

The region name.

iis.error.geoip.city_name

type: keyword

The city name.

iis.error.geoip.region_iso_code

type: keyword

Region ISO code.

« Icinga fields Kafka fields »