TLS encryption layer fields
editTLS encryption layer fields
editNone
tls
editTLS layer related fields.
-
tls.certificate_not_valid_before
-
[7.8.0] Deprecated in 7.8.0.
Deprecated in favor of
tls.server.x509.not_before
. Earliest time at which the connection’s certificates are valid.type: date
-
tls.certificate_not_valid_after
-
[7.8.0] Deprecated in 7.8.0.
Deprecated in favor of
tls.server.x509.not_after
. Latest time at which the connection’s certificates are valid.type: date
rtt
editTLS layer round trip times.
handshake
editTime required to finish TLS handshake based on already available network connection.
-
tls.rtt.handshake.us
-
Duration in microseconds
type: long
server
editDetailed x509 certificate metadata
-
tls.server.x509.alternative_names
-
List of subject alternative names (SAN). Name types vary by certificate authority and certificate type but commonly contain IP addresses, DNS names (and wildcards), and email addresses.
type: keyword
example: *.elastic.co
-
tls.server.x509.issuer.common_name
-
List of common name (CN) of issuing certificate authority.
type: keyword
example: DigiCert SHA2 High Assurance Server CA
-
tls.server.x509.issuer.common_name.text
-
type: text
-
tls.server.x509.issuer.distinguished_name
-
Distinguished name (DN) of issuing certificate authority.
type: keyword
example: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA
-
tls.server.x509.not_after
-
Time at which the certificate is no longer considered valid.
type: date
example: 2020-07-16 03:15:39
-
tls.server.x509.not_before
-
Time at which the certificate is first considered valid.
type: date
example: 2019-08-16 01:40:25
-
tls.server.x509.public_key_algorithm
-
Algorithm used to generate the public key.
type: keyword
example: RSA
-
tls.server.x509.public_key_curve
-
The curve used by the elliptic curve public key algorithm. This is algorithm specific.
type: keyword
example: nistp521
-
tls.server.x509.public_key_exponent
-
Exponent used to derive the public key. This is algorithm specific.
type: long
example: 65537
-
tls.server.x509.public_key_size
-
The size of the public key space in bits.
type: long
example: 2048
-
tls.server.x509.serial_number
-
Unique serial number issued by the certificate authority. For consistency, if this value is alphanumeric, it should be formatted without colons and uppercase characters.
type: keyword
example: 55FBB9C7DEBF09809D12CCAA
-
tls.server.x509.signature_algorithm
-
Identifier for certificate signature algorithm. Recommend using names found in Go Lang Crypto library (See https://github.com/golang/go/blob/go1.14/src/crypto/x509/x509.go#L337-L353).
type: keyword
example: SHA256-RSA
-
tls.server.x509.subject.common_name
-
List of common names (CN) of subject.
type: keyword
example: r2.shared.global.fastly.net
-
tls.server.x509.subject.common_name.text
-
type: text
-
tls.server.x509.subject.distinguished_name
-
Distinguished name (DN) of the certificate subject entity.
type: keyword
example: C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=r2.shared.global.fastly.net
-
tls.server.x509.version_number
-
Version of x509 format.
type: keyword
example: 3