System fields
editSystem fields
editSystem status metrics, like CPU and memory usage, that are collected from the operating system.
system fields
editsystem contains local system metrics.
core fields
editsystem-core contains CPU metrics for a single core of a multi-core system.
-
system.core.id -
type: long
CPU Core number.
-
system.core.user.pct -
type: scaled_float
format: percent
The percentage of CPU time spent in user space.
-
system.core.user.ticks -
type: long
The amount of CPU time spent in user space.
-
system.core.system.pct -
type: scaled_float
format: percent
The percentage of CPU time spent in kernel space.
-
system.core.system.ticks -
type: long
The amount of CPU time spent in kernel space.
-
system.core.nice.pct -
type: scaled_float
format: percent
The percentage of CPU time spent on low-priority processes.
-
system.core.nice.ticks -
type: long
The amount of CPU time spent on low-priority processes.
-
system.core.idle.pct -
type: scaled_float
format: percent
The percentage of CPU time spent idle.
-
system.core.idle.ticks -
type: long
The amount of CPU time spent idle.
-
system.core.iowait.pct -
type: scaled_float
format: percent
The percentage of CPU time spent in wait (on disk).
-
system.core.iowait.ticks -
type: long
The amount of CPU time spent in wait (on disk).
-
system.core.irq.pct -
type: scaled_float
format: percent
The percentage of CPU time spent servicing and handling hardware interrupts.
-
system.core.irq.ticks -
type: long
The amount of CPU time spent servicing and handling hardware interrupts.
-
system.core.softirq.pct -
type: scaled_float
format: percent
The percentage of CPU time spent servicing and handling software interrupts.
-
system.core.softirq.ticks -
type: long
The amount of CPU time spent servicing and handling software interrupts.
-
system.core.steal.pct -
type: scaled_float
format: percent
The percentage of CPU time spent in involuntary wait by the virtual CPU while the hypervisor was servicing another processor. Available only on Unix.
-
system.core.steal.ticks -
type: long
The amount of CPU time spent in involuntary wait by the virtual CPU while the hypervisor was servicing another processor. Available only on Unix.
cpu fields
editcpu contains local CPU stats.
-
system.cpu.cores -
type: long
The number of CPU cores present on the host. The non-normalized percentages will have a maximum value of
100% * cores. The normalized percentages already take this value into account and have a maximum value of 100%. -
system.cpu.user.pct -
type: scaled_float
format: percent
The percentage of CPU time spent in user space. On multi-core systems, you can have percentages that are greater than 100%. For example, if 3 cores are at 60% use, then the
system.cpu.user.pctwill be 180%. -
system.cpu.system.pct -
type: scaled_float
format: percent
The percentage of CPU time spent in kernel space.
-
system.cpu.nice.pct -
type: scaled_float
format: percent
The percentage of CPU time spent on low-priority processes.
-
system.cpu.idle.pct -
type: scaled_float
format: percent
The percentage of CPU time spent idle.
-
system.cpu.iowait.pct -
type: scaled_float
format: percent
The percentage of CPU time spent in wait (on disk).
-
system.cpu.irq.pct -
type: scaled_float
format: percent
The percentage of CPU time spent servicing and handling hardware interrupts.
-
system.cpu.softirq.pct -
type: scaled_float
format: percent
The percentage of CPU time spent servicing and handling software interrupts.
-
system.cpu.steal.pct -
type: scaled_float
format: percent
The percentage of CPU time spent in involuntary wait by the virtual CPU while the hypervisor was servicing another processor. Available only on Unix.
-
system.cpu.total.pct -
type: scaled_float
format: percent
The percentage of CPU time spent in non-idle state.
-
system.cpu.user.norm.pct -
type: scaled_float
format: percent
The percentage of CPU time spent in user space.
-
system.cpu.system.norm.pct -
type: scaled_float
format: percent
The percentage of CPU time spent in kernel space.
-
system.cpu.nice.norm.pct -
type: scaled_float
format: percent
The percentage of CPU time spent on low-priority processes.
-
system.cpu.idle.norm.pct -
type: scaled_float
format: percent
The percentage of CPU time spent idle.
-
system.cpu.iowait.norm.pct -
type: scaled_float
format: percent
The percentage of CPU time spent in wait (on disk).
-
system.cpu.irq.norm.pct -
type: scaled_float
format: percent
The percentage of CPU time spent servicing and handling hardware interrupts.
-
system.cpu.softirq.norm.pct -
type: scaled_float
format: percent
The percentage of CPU time spent servicing and handling software interrupts.
-
system.cpu.steal.norm.pct -
type: scaled_float
format: percent
The percentage of CPU time spent in involuntary wait by the virtual CPU while the hypervisor was servicing another processor. Available only on Unix.
-
system.cpu.total.norm.pct -
type: scaled_float
format: percent
The percentage of CPU time spent in non-idle state.
-
system.cpu.user.ticks -
type: long
The amount of CPU time spent in user space.
-
system.cpu.system.ticks -
type: long
The amount of CPU time spent in kernel space.
-
system.cpu.nice.ticks -
type: long
The amount of CPU time spent on low-priority processes.
-
system.cpu.idle.ticks -
type: long
The amount of CPU time spent idle.
-
system.cpu.iowait.ticks -
type: long
The amount of CPU time spent in wait (on disk).
-
system.cpu.irq.ticks -
type: long
The amount of CPU time spent servicing and handling hardware interrupts.
-
system.cpu.softirq.ticks -
type: long
The amount of CPU time spent servicing and handling software interrupts.
-
system.cpu.steal.ticks -
type: long
The amount of CPU time spent in involuntary wait by the virtual CPU while the hypervisor was servicing another processor. Available only on Unix.
diskio fields
editdisk contains disk IO metrics collected from the operating system.
-
system.diskio.name -
type: keyword
example: sda1
The disk name.
-
system.diskio.serial_number -
type: keyword
The disk’s serial number. This may not be provided by all operating systems.
-
system.diskio.read.count -
type: long
The total number of reads completed successfully.
-
system.diskio.write.count -
type: long
The total number of writes completed successfully.
-
system.diskio.read.bytes -
type: long
format: bytes
The total number of bytes read successfully. On Linux this is the number of sectors read multiplied by an assumed sector size of 512.
-
system.diskio.write.bytes -
type: long
format: bytes
The total number of bytes written successfully. On Linux this is the number of sectors written multiplied by an assumed sector size of 512.
-
system.diskio.read.time -
type: long
The total number of milliseconds spent by all reads.
-
system.diskio.write.time -
type: long
The total number of milliseconds spent by all writes.
-
system.diskio.io.time -
type: long
The total number of of milliseconds spent doing I/Os.
-
system.diskio.iostat.read.request.merges_per_sec -
type: float
The number of read requests merged per second that were queued to the device.
-
system.diskio.iostat.write.request.merges_per_sec -
type: float
The number of write requests merged per second that were queued to the device.
-
system.diskio.iostat.read.request.per_sec -
type: float
The number of read requests that were issued to the device per second
-
system.diskio.iostat.write.request.per_sec -
type: float
The number of write requests that were issued to the device per second
-
system.diskio.iostat.read.per_sec.bytes -
type: float
format: bytes
The number of Bytes read from the device per second.
-
system.diskio.iostat.write.per_sec.bytes -
type: float
format: bytes
The number of Bytes write from the device per second.
-
system.diskio.iostat.request.avg_size -
type: float
The average size (in sectors) of the requests that were issued to the device.
-
system.diskio.iostat.queue.avg_size -
type: float
The average queue length of the requests that were issued to the device.
-
system.diskio.iostat.await -
type: float
The average time spent for requests issued to the device to be served.
-
system.diskio.iostat.service_time -
type: float
The average service time (in milliseconds) for I/O requests that were issued to the device.
-
system.diskio.iostat.busy -
type: float
Percentage of CPU time during which I/O requests were issued to the device (bandwidth utilization for the device). Device saturation occurs when this value is close to 100%.
filesystem fields
editfilesystem contains local filesystem stats.
-
system.filesystem.available -
type: long
format: bytes
The disk space available to an unprivileged user in bytes.
-
system.filesystem.device_name -
type: keyword
The disk name. For example:
/dev/disk1 -
system.filesystem.type -
type: keyword
The disk type. For example:
ext4 -
system.filesystem.mount_point -
type: keyword
The mounting point. For example:
/ -
system.filesystem.files -
type: long
The total number of file nodes in the file system.
-
system.filesystem.free -
type: long
format: bytes
The disk space available in bytes.
-
system.filesystem.free_files -
type: long
The number of free file nodes in the file system.
-
system.filesystem.total -
type: long
format: bytes
The total disk space in bytes.
-
system.filesystem.used.bytes -
type: long
format: bytes
The used disk space in bytes.
-
system.filesystem.used.pct -
type: scaled_float
format: percent
The percentage of used disk space.
fsstat fields
editsystem.fsstat contains filesystem metrics aggregated from all mounted filesystems.
-
system.fsstat.count -
type: long
Number of file systems found.
-
system.fsstat.total_files -
type: long
Total number of files.
total_size fields
editNested file system docs.
-
system.fsstat.total_size.free -
type: long
format: bytes
Total free space.
-
system.fsstat.total_size.used -
type: long
format: bytes
Total used space.
-
system.fsstat.total_size.total -
type: long
format: bytes
Total space (used plus free).
load fields
editCPU load averages.
-
system.load.1 -
type: scaled_float
Load average for the last minute.
-
system.load.5 -
type: scaled_float
Load average for the last 5 minutes.
-
system.load.15 -
type: scaled_float
Load average for the last 15 minutes.
-
system.load.norm.1 -
type: scaled_float
Load for the last minute divided by the number of cores.
-
system.load.norm.5 -
type: scaled_float
Load for the last 5 minutes divided by the number of cores.
-
system.load.norm.15 -
type: scaled_float
Load for the last 15 minutes divided by the number of cores.
-
system.load.cores -
type: long
The number of CPU cores present on the host.
memory fields
editmemory contains local memory stats.
-
system.memory.total -
type: long
format: bytes
Total memory.
-
system.memory.used.bytes -
type: long
format: bytes
Used memory.
-
system.memory.free -
type: long
format: bytes
The total amount of free memory in bytes. This value does not include memory consumed by system caches and buffers (see system.memory.actual.free).
-
system.memory.used.pct -
type: scaled_float
format: percent
The percentage of used memory.
actual fields
editActual memory used and free.
-
system.memory.actual.used.bytes -
type: long
format: bytes
Actual used memory in bytes. It represents the difference between the total and the available memory. The available memory depends on the OS. For more details, please check
system.actual.free. -
system.memory.actual.free -
type: long
format: bytes
Actual free memory in bytes. It is calculated based on the OS. On Linux it consists of the free memory plus caches and buffers. On OSX it is a sum of free memory and the inactive memory. On Windows, it is equal to
system.memory.free. -
system.memory.actual.used.pct -
type: scaled_float
format: percent
The percentage of actual used memory.
swap fields
editThis group contains statistics related to the swap memory usage on the system.
-
system.memory.swap.total -
type: long
format: bytes
Total swap memory.
-
system.memory.swap.used.bytes -
type: long
format: bytes
Used swap memory.
-
system.memory.swap.free -
type: long
format: bytes
Available swap memory.
-
system.memory.swap.used.pct -
type: scaled_float
format: percent
The percentage of used swap memory.
hugepages fields
editThis group contains statistics related to huge pages usage on the system.
-
system.memory.hugepages.total -
type: long
format: number
Number of huge pages in the pool.
-
system.memory.hugepages.used.bytes -
type: long
format: bytes
Memory used in allocated huge pages.
-
system.memory.hugepages.used.pct -
type: long
format: percent
Percentage of huge pages used.
-
system.memory.hugepages.free -
type: long
format: number
Number of available huge pages in the pool.
-
system.memory.hugepages.reserved -
type: long
format: number
Number of reserved but not allocated huge pages in the pool.
-
system.memory.hugepages.surplus -
type: long
format: number
Number of overcommited huge pages.
-
system.memory.hugepages.default_size -
type: long
format: bytes
Default size for huge pages.
network fields
editnetwork contains network IO metrics for a single network interface.
-
system.network.name -
type: keyword
example: eth0
The network interface name.
-
system.network.out.bytes -
type: long
format: bytes
The number of bytes sent.
-
system.network.in.bytes -
type: long
format: bytes
The number of bytes received.
-
system.network.out.packets -
type: long
The number of packets sent.
-
system.network.in.packets -
type: long
The number or packets received.
-
system.network.in.errors -
type: long
The number of errors while receiving.
-
system.network.out.errors -
type: long
The number of errors while sending.
-
system.network.in.dropped -
type: long
The number of incoming packets that were dropped.
-
system.network.out.dropped -
type: long
The number of outgoing packets that were dropped. This value is always 0 on Darwin and BSD because it is not reported by the operating system.
process fields
editprocess contains process metadata, CPU metrics, and memory metrics.
-
system.process.name -
type: keyword
The process name.
-
system.process.state -
type: keyword
The process state. For example: "running".
-
system.process.pid -
type: long
The process pid.
-
system.process.ppid -
type: long
The process parent pid.
-
system.process.pgid -
type: long
The process group id.
-
system.process.cmdline -
type: keyword
The full command-line used to start the process, including the arguments separated by space.
-
system.process.username -
type: keyword
The username of the user that created the process. If the username cannot be determined, the field will contain the user’s numeric identifier (UID). On Windows, this field includes the user’s domain and is formatted as
domain\username. -
system.process.cwd -
type: keyword
The current working directory of the process. This field is only available on Linux.
-
system.process.env -
type: object
The environment variables used to start the process. The data is available on FreeBSD, Linux, and OS X.
cpu fields
editCPU-specific statistics per process.
-
system.process.cpu.user.ticks -
type: long
The amount of CPU time the process spent in user space.
-
system.process.cpu.total.value -
type: long
The value of CPU usage since starting the process.
-
system.process.cpu.total.pct -
type: scaled_float
format: percent
The percentage of CPU time spent by the process since the last update. Its value is similar to the %CPU value of the process displayed by the top command on Unix systems.
-
system.process.cpu.total.norm.pct -
type: scaled_float
format: percent
The percentage of CPU time spent by the process since the last event. This value is normalized by the number of CPU cores and it ranges from 0 to 100%.
-
system.process.cpu.system.ticks -
type: long
The amount of CPU time the process spent in kernel space.
-
system.process.cpu.total.ticks -
type: long
The total CPU time spent by the process.
-
system.process.cpu.start_time -
type: date
The time when the process was started.
memory fields
editMemory-specific statistics per process.
-
system.process.memory.size -
type: long
format: bytes
The total virtual memory the process has.
-
system.process.memory.rss.bytes -
type: long
format: bytes
The Resident Set Size. The amount of memory the process occupied in main memory (RAM).
-
system.process.memory.rss.pct -
type: scaled_float
format: percent
The percentage of memory the process occupied in main memory (RAM).
-
system.process.memory.share -
type: long
format: bytes
The shared memory the process uses.
fd fields
editFile descriptor usage metrics. This set of metrics is available for Linux and FreeBSD.
-
system.process.fd.open -
type: long
The number of file descriptors open by the process.
-
system.process.fd.limit.soft -
type: long
The soft limit on the number of file descriptors opened by the process. The soft limit can be changed by the process at any time.
-
system.process.fd.limit.hard -
type: long
The hard limit on the number of file descriptors opened by the process. The hard limit can only be raised by root.
cgroup fields
editMetrics and limits from the cgroup of which the task is a member. cgroup metrics are reported when the process has membership in a non-root cgroup. These metrics are only available on Linux.
-
system.process.cgroup.id -
type: keyword
The ID common to all cgroups associated with this task. If there isn’t a common ID used by all cgroups this field will be absent.
-
system.process.cgroup.path -
type: keyword
The path to the cgroup relative to the cgroup subsystem’s mountpoint. If there isn’t a common path used by all cgroups this field will be absent.
cpu fields
editThe cpu subsystem schedules CPU access for tasks in the cgroup. Access can be controlled by two separate schedulers, CFS and RT. CFS stands for completely fair scheduler which proportionally divides the CPU time between cgroups based on weight. RT stands for real time scheduler which sets a maximum amount of CPU time that processes in the cgroup can consume during a given period.
-
system.process.cgroup.cpu.id -
type: keyword
ID of the cgroup.
-
system.process.cgroup.cpu.path -
type: keyword
Path to the cgroup relative to the cgroup subsystem’s mountpoint.
-
system.process.cgroup.cpu.cfs.period.us -
type: long
Period of time in microseconds for how regularly a cgroup’s access to CPU resources should be reallocated.
-
system.process.cgroup.cpu.cfs.quota.us -
type: long
Total amount of time in microseconds for which all tasks in a cgroup can run during one period (as defined by cfs.period.us).
-
system.process.cgroup.cpu.cfs.shares -
type: long
An integer value that specifies a relative share of CPU time available to the tasks in a cgroup. The value specified in the cpu.shares file must be 2 or higher.
-
system.process.cgroup.cpu.rt.period.us -
type: long
Period of time in microseconds for how regularly a cgroup’s access to CPU resources is reallocated.
-
system.process.cgroup.cpu.rt.runtime.us -
type: long
Period of time in microseconds for the longest continuous period in which the tasks in a cgroup have access to CPU resources.
-
system.process.cgroup.cpu.stats.periods -
type: long
Number of period intervals (as specified in cpu.cfs.period.us) that have elapsed.
-
system.process.cgroup.cpu.stats.throttled.periods -
type: long
Number of times tasks in a cgroup have been throttled (that is, not allowed to run because they have exhausted all of the available time as specified by their quota).
-
system.process.cgroup.cpu.stats.throttled.ns -
type: long
The total time duration (in nanoseconds) for which tasks in a cgroup have been throttled.
cpuacct fields
editCPU accounting metrics.
-
system.process.cgroup.cpuacct.id -
type: keyword
ID of the cgroup.
-
system.process.cgroup.cpuacct.path -
type: keyword
Path to the cgroup relative to the cgroup subsystem’s mountpoint.
-
system.process.cgroup.cpuacct.total.ns -
type: long
Total CPU time in nanoseconds consumed by all tasks in the cgroup.
-
system.process.cgroup.cpuacct.stats.user.ns -
type: long
CPU time consumed by tasks in user mode.
-
system.process.cgroup.cpuacct.stats.system.ns -
type: long
CPU time consumed by tasks in user (kernel) mode.
-
system.process.cgroup.cpuacct.percpu -
type: object
CPU time (in nanoseconds) consumed on each CPU by all tasks in this cgroup.
memory fields
editMemory limits and metrics.
-
system.process.cgroup.memory.id -
type: keyword
ID of the cgroup.
-
system.process.cgroup.memory.path -
type: keyword
Path to the cgroup relative to the cgroup subsystem’s mountpoint.
-
system.process.cgroup.memory.mem.usage.bytes -
type: long
format: bytes
Total memory usage by processes in the cgroup (in bytes).
-
system.process.cgroup.memory.mem.usage.max.bytes -
type: long
format: bytes
The maximum memory used by processes in the cgroup (in bytes).
-
system.process.cgroup.memory.mem.limit.bytes -
type: long
format: bytes
The maximum amount of user memory in bytes (including file cache) that tasks in the cgroup are allowed to use.
-
system.process.cgroup.memory.mem.failures -
type: long
The number of times that the memory limit (mem.limit.bytes) was reached.
-
system.process.cgroup.memory.memsw.usage.bytes -
type: long
format: bytes
The sum of current memory usage plus swap space used by processes in the cgroup (in bytes).
-
system.process.cgroup.memory.memsw.usage.max.bytes -
type: long
format: bytes
The maximum amount of memory and swap space used by processes in the cgroup (in bytes).
-
system.process.cgroup.memory.memsw.limit.bytes -
type: long
format: bytes
The maximum amount for the sum of memory and swap usage that tasks in the cgroup are allowed to use.
-
system.process.cgroup.memory.memsw.failures -
type: long
The number of times that the memory plus swap space limit (memsw.limit.bytes) was reached.
-
system.process.cgroup.memory.kmem.usage.bytes -
type: long
format: bytes
Total kernel memory usage by processes in the cgroup (in bytes).
-
system.process.cgroup.memory.kmem.usage.max.bytes -
type: long
format: bytes
The maximum kernel memory used by processes in the cgroup (in bytes).
-
system.process.cgroup.memory.kmem.limit.bytes -
type: long
format: bytes
The maximum amount of kernel memory that tasks in the cgroup are allowed to use.
-
system.process.cgroup.memory.kmem.failures -
type: long
The number of times that the memory limit (kmem.limit.bytes) was reached.
-
system.process.cgroup.memory.kmem_tcp.usage.bytes -
type: long
format: bytes
Total memory usage for TCP buffers in bytes.
-
system.process.cgroup.memory.kmem_tcp.usage.max.bytes -
type: long
format: bytes
The maximum memory used for TCP buffers by processes in the cgroup (in bytes).
-
system.process.cgroup.memory.kmem_tcp.limit.bytes -
type: long
format: bytes
The maximum amount of memory for TCP buffers that tasks in the cgroup are allowed to use.
-
system.process.cgroup.memory.kmem_tcp.failures -
type: long
The number of times that the memory limit (kmem_tcp.limit.bytes) was reached.
-
system.process.cgroup.memory.stats.active_anon.bytes -
type: long
format: bytes
Anonymous and swap cache on active least-recently-used (LRU) list, including tmpfs (shmem), in bytes.
-
system.process.cgroup.memory.stats.active_file.bytes -
type: long
format: bytes
File-backed memory on active LRU list, in bytes.
-
system.process.cgroup.memory.stats.cache.bytes -
type: long
format: bytes
Page cache, including tmpfs (shmem), in bytes.
-
system.process.cgroup.memory.stats.hierarchical_memory_limit.bytes -
type: long
format: bytes
Memory limit for the hierarchy that contains the memory cgroup, in bytes.
-
system.process.cgroup.memory.stats.hierarchical_memsw_limit.bytes -
type: long
format: bytes
Memory plus swap limit for the hierarchy that contains the memory cgroup, in bytes.
-
system.process.cgroup.memory.stats.inactive_anon.bytes -
type: long
format: bytes
Anonymous and swap cache on inactive LRU list, including tmpfs (shmem), in bytes
-
system.process.cgroup.memory.stats.inactive_file.bytes -
type: long
format: bytes
File-backed memory on inactive LRU list, in bytes.
-
system.process.cgroup.memory.stats.mapped_file.bytes -
type: long
format: bytes
Size of memory-mapped mapped files, including tmpfs (shmem), in bytes.
-
system.process.cgroup.memory.stats.page_faults -
type: long
Number of times that a process in the cgroup triggered a page fault.
-
system.process.cgroup.memory.stats.major_page_faults -
type: long
Number of times that a process in the cgroup triggered a major fault. "Major" faults happen when the kernel actually has to read the data from disk.
-
system.process.cgroup.memory.stats.pages_in -
type: long
Number of pages paged into memory. This is a counter.
-
system.process.cgroup.memory.stats.pages_out -
type: long
Number of pages paged out of memory. This is a counter.
-
system.process.cgroup.memory.stats.rss.bytes -
type: long
format: bytes
Anonymous and swap cache (includes transparent hugepages), not including tmpfs (shmem), in bytes.
-
system.process.cgroup.memory.stats.rss_huge.bytes -
type: long
format: bytes
Number of bytes of anonymous transparent hugepages.
-
system.process.cgroup.memory.stats.swap.bytes -
type: long
format: bytes
Swap usage, in bytes.
-
system.process.cgroup.memory.stats.unevictable.bytes -
type: long
format: bytes
Memory that cannot be reclaimed, in bytes.
blkio fields
editBlock IO metrics.
-
system.process.cgroup.blkio.id -
type: keyword
ID of the cgroup.
-
system.process.cgroup.blkio.path -
type: keyword
Path to the cgroup relative to the cgroup subsystems mountpoint.
-
system.process.cgroup.blkio.total.bytes -
type: long
format: bytes
Total number of bytes transferred to and from all block devices by processes in the cgroup.
-
system.process.cgroup.blkio.total.ios -
type: long
Total number of I/O operations performed on all devices by processes in the cgroup as seen by the throttling policy.
process.summary fields
editSummary metrics for the processes running on the host.
-
system.process.summary.total -
type: long
Total number of processes on this host.
-
system.process.summary.running -
type: long
Number of running processes on this host.
-
system.process.summary.idle -
type: long
Number of idle processes on this host.
-
system.process.summary.sleeping -
type: long
Number of sleeping processes on this host.
-
system.process.summary.stopped -
type: long
Number of stopped processes on this host.
-
system.process.summary.zombie -
type: long
Number of zombie processes on this host.
-
system.process.summary.unknown -
type: long
Number of processes for which the state couldn’t be retrieved or is unknown.
raid fields
editraid
-
system.raid.name -
type: keyword
Name of the device.
-
system.raid.activity_state -
type: keyword
activity-state of the device.
-
system.raid.disks.active -
type: long
Number of active disks.
-
system.raid.disks.total -
type: long
Total number of disks the device consists of.
-
system.raid.blocks.total -
type: long
Number of blocks the device holds.
-
system.raid.blocks.synced -
type: long
Number of blocks on the device that are in sync.
socket fields
editTCP sockets that are active.
-
system.socket.direction -
type: keyword
example: incoming
How the socket was initiated. Possible values are incoming, outgoing, or listening.
-
system.socket.family -
type: keyword
example: ipv4
Address family.
-
system.socket.local.ip -
type: ip
example: 192.0.2.1 or 2001:0DB8:ABED:8536::1
Local IP address. This can be an IPv4 or IPv6 address.
-
system.socket.local.port -
type: long
example: 22
Local port.
-
system.socket.remote.ip -
type: ip
example: 192.0.2.1 or 2001:0DB8:ABED:8536::1
Remote IP address. This can be an IPv4 or IPv6 address.
-
system.socket.remote.port -
type: long
example: 22
Remote port.
-
system.socket.remote.host -
type: keyword
example: 76-211-117-36.nw.example.com.
PTR record associated with the remote IP. It is obtained via reverse IP lookup.
-
system.socket.remote.etld_plus_one -
type: keyword
example: example.com.
The effective top-level domain (eTLD) of the remote host plus one more label. For example, the eTLD+1 for "foo.bar.golang.org." is "golang.org.". The data for determining the eTLD comes from an embedded copy of the data from http://publicsuffix.org.
-
system.socket.remote.host_error -
type: keyword
Error describing the cause of the reverse lookup failure.
-
system.socket.process.pid -
type: long
ID of the process that opened the socket.
-
system.socket.process.command -
type: keyword
Name of the command (limited to 20 chars by the OS).
-
system.socket.process.cmdline -
type: keyword
-
system.socket.process.exe -
type: keyword
Absolute path to the executable.
-
system.socket.user.id -
type: long
UID of the user running the process.
-
system.socket.user.name -
type: keyword
Name of the user running the process.
uptime fields
edituptime contains the operating system uptime metric.
-
system.uptime.duration.ms -
type: long
format: duration
The OS uptime in milliseconds.