WARNING: Version 1.1 of Packetbeat has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Event Fields
editEvent Fields
editThese fields contain data about the transaction itself.
@timestamp
edittype: date
example: 2015-01-24 14:06:05.071000
format: YYYY-MM-DDTHH:MM:SS.milliZ
required: True
The timestamp of the event, as measured either by the Beat or by a common collector point. The precision is in milliseconds. The timezone is UTC.
count
edittype: int
required: True
A count of the number of transactions that this event represents. This is generally the inverse of the sampling rate. For example, for a sample rate of 1/10, the count is 10. The count is used by the UIs to return estimated values.
direction
editrequired: True
Indicates whether the transaction is inbound (emitted by server) or outbound (emitted by the client). Values can be in or out. No defaults.
status
editrequired: True
The high level status of the transaction. The way to compute this value depends on the protocol, but the result has a meaning independent of the protocol.
method
editThe command/verb/method of the transaction. For HTTP, this is the method name (GET, POST, PUT, and so on), for SQL this is the verb (SELECT, UPDATE, DELETE, and so on).
resource
editThe logical resource that this transaction refers to. For HTTP, this is the URL path up to the last slash (/). For example, if the URL is /users/1
, the resource is /users
. For databases, the resource is typically the table name. The field is not filled for all transaction types.
path
editrequired: True
The path the transaction refers to. For HTTP, this is the URL. For SQL databases, this is the table name. For key-value stores, this is the key.
query
edittype: string
The query in a human readable format. For HTTP, it will typically be something like GET /users/_search?name=test
. For MySQL, it is something like SELECT id from users where name=test
.
params
editThe request parameters. For HTTP, these are the POST or GET parameters. For Thrift-RPC, these are the parameters from the request.
notes
editMessages from Packetbeat itself. This field usually contains error messages for interpreting the raw data. This information can be helpful for troubleshooting.