WARNING: Version 5.3 of Packetbeat has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Common Fields
editCommon Fields
editThese fields contain data about the environment in which the transaction or flow was captured.
server
editThe name of the server that served the transaction.
client_server
editThe name of the server that initiated the transaction.
service
editThe name of the logical service that served the transaction.
client_service
editThe name of the logical service that initiated the transaction.
ip
editformat: dotted notation.
The IP address of the server that served the transaction.
client_ip
editformat: dotted notation.
The IP address of the server that initiated the transaction.
real_ip
editformat: Dotted notation.
If the server initiating the transaction is a proxy, this field contains the original client IP address. For HTTP, for example, the IP address extracted from a configurable HTTP header, by default X-Forwarded-For
.
Unless this field is disabled, it always has a value, and it matches the client_ip
for non proxy clients.
client_location
edittype: geo_point
example: 40.715, -74.011
DEPRECATED. Please use client_geoip
instead. The GeoIP location of the real_ip
IP address or of the client_ip
address if the real_ip
is disabled. The field is a string containing the latitude and longitude separated by a comma.
client_geoip Fields
editThe GeoIP information of the client.
client_geoip.location
edittype: geo_point
example: {lat: 51, lon: 9}
The GeoIP location of the client_ip
address. This field is available only if you define a GeoIP Processor as a pipeline in the Ingest GeoIP processor plugin or using Logstash.
client_port
editformat: dotted notation.
The layer 4 port of the process that initiated the transaction.
transport
editexample: udp
The transport protocol used for the transaction. If not specified, then tcp is assumed.
type
editrequired: True
The type of the transaction (for example, HTTP, MySQL, Redis, or RUM) or "flow" in case of flows.
port
editformat: dotted notation.
The layer 4 port of the process that served the transaction.
proc
editThe name of the process that served the transaction.
client_proc
editThe name of the process that initiated the transaction.
release
editThe software release of the service serving the transaction. This can be the commit id or a semantic version.