AWS fields

edit

Module for handling logs from AWS.

aws

edit

Fields from AWS logs.

s3access

edit

Fields for AWS S3 server access logs.

aws.s3access.bucket_owner

The canonical user ID of the owner of the source bucket.

type: keyword

aws.s3access.bucket

The name of the bucket that the request was processed against.

type: keyword

aws.s3access.remote_ip

The apparent internet address of the requester.

type: ip

aws.s3access.requester

The canonical user ID of the requester, or a - for unauthenticated requests.

type: keyword

aws.s3access.request_id

A string generated by Amazon S3 to uniquely identify each request.

type: keyword

aws.s3access.operation

The operation listed here is declared as SOAP.operation, REST.HTTP_method.resource_type, WEBSITE.HTTP_method.resource_type, or BATCH.DELETE.OBJECT.

type: keyword

aws.s3access.key

The "key" part of the request, URL encoded, or "-" if the operation does not take a key parameter.

type: keyword

aws.s3access.request_uri

The Request-URI part of the HTTP request message.

type: keyword

aws.s3access.http_status

The numeric HTTP status code of the response.

type: long

aws.s3access.error_code

The Amazon S3 Error Code, or "-" if no error occurred.

type: keyword

aws.s3access.bytes_sent

The number of response bytes sent, excluding HTTP protocol overhead, or "-" if zero.

type: long

aws.s3access.object_size

The total size of the object in question.

type: long

aws.s3access.total_time

The number of milliseconds the request was in flight from the server’s perspective.

type: long

aws.s3access.turn_around_time

The number of milliseconds that Amazon S3 spent processing your request.

type: long

aws.s3access.referrer

The value of the HTTP Referrer header, if present.

type: keyword

aws.s3access.user_agent

The value of the HTTP User-Agent header.

type: keyword

aws.s3access.version_id

The version ID in the request, or "-" if the operation does not take a versionId parameter.

type: keyword

aws.s3access.host_id

The x-amz-id-2 or Amazon S3 extended request ID.

type: keyword

aws.s3access.signature_version

The signature version, SigV2 or SigV4, that was used to authenticate the request or a - for unauthenticated requests.

type: keyword

aws.s3access.cipher_suite

The Secure Sockets Layer (SSL) cipher that was negotiated for HTTPS request or a - for HTTP.

type: keyword

aws.s3access.authentication_type

The type of request authentication used, AuthHeader for authentication headers, QueryString for query string (pre-signed URL) or a - for unauthenticated requests.

type: keyword

aws.s3access.host_header

The endpoint used to connect to Amazon S3.

type: keyword

aws.s3access.tls_version

The Transport Layer Security (TLS) version negotiated by the client.

type: keyword