- Packetbeat Reference: other versions:
- Packetbeat overview
- Quick start: installation and configuration
- Set up and run
- Upgrade Packetbeat
- Configure
- Traffic sniffing
- Network flows
- Protocols
- Processes
- General settings
- Project paths
- Output
- Kerberos
- SSL
- Index lifecycle management (ILM)
- Elasticsearch index template
- Kibana endpoint
- Kibana dashboards
- Processors
- Define processors
- add_cloud_metadata
- add_cloudfoundry_metadata
- add_docker_metadata
- add_fields
- add_host_metadata
- add_id
- add_kubernetes_metadata
- add_labels
- add_locale
- add_network_direction
- add_nomad_metadata
- add_observer_metadata
- add_process_metadata
- add_tags
- append
- community_id
- convert
- copy_fields
- decode_base64_field
- decode_duration
- decode_json_fields
- decode_xml
- decode_xml_wineventlog
- decompress_gzip_field
- detect_mime_type
- dissect
- dns
- drop_event
- drop_fields
- extract_array
- fingerprint
- include_fields
- move_fields
- rate_limit
- registered_domain
- rename
- replace
- syslog
- translate_ldap_attribute
- translate_sid
- truncate_fields
- urldecode
- Internal queue
- Logging
- HTTP endpoint
- Instrumentation
- Feature flags
- packetbeat.reference.yml
- How to guides
- Exported fields
- AMQP fields
- Beat fields
- Cassandra fields
- Cloud provider metadata fields
- Common fields
- DHCPv4 fields
- DNS fields
- Docker fields
- ECS fields
- Flow Event fields
- Host fields
- HTTP fields
- ICMP fields
- Jolokia Discovery autodiscover provider fields
- Kubernetes fields
- Memcache fields
- MongoDb fields
- MySQL fields
- NFS fields
- PostgreSQL fields
- Process fields
- Raw fields
- Redis fields
- SIP fields
- Thrift-RPC fields
- Detailed TLS fields
- Transaction Event fields
- Measurements (Transactions) fields
- Monitor
- Secure
- Visualize Packetbeat data in Kibana
- Troubleshoot
- Get help
- Debug
- Understand logged metrics
- Record a trace
- Common problems
- Dashboard in Kibana is breaking up data fields incorrectly
- Packetbeat doesn’t see any packets when using mirror ports
- Packetbeat can’t capture traffic from Windows loopback interface
- Packetbeat is missing long running transactions
- Packetbeat isn’t capturing MySQL performance data
- Packetbeat uses too much bandwidth
- Error loading config file
- Found unexpected or unknown characters
- Logstash connection doesn’t work
- Publishing to Logstash fails with "connection reset by peer" message
- @metadata is missing in Logstash
- Not sure whether to use Logstash or Beats
- SSL client fails to connect to Logstash
- Monitoring UI shows fewer Beats than expected
- Dashboard could not locate the index-pattern
- High RSS memory usage due to MADV settings
- Fields show up as nested JSON in Kibana
- Contribute to Beats
Cassandra v4/3 specific event fields.
-
no_request
-
type: alias
alias to: cassandra.no_request
Information about the Cassandra request and response.
-
cassandra.no_request
-
Indicates that there is no request because this is a PUSH message.
type: boolean
Cassandra request.
Cassandra request headers.
-
cassandra.request.headers.version
-
The version of the protocol.
type: long
-
cassandra.request.headers.flags
-
Flags applying to this frame.
type: keyword
-
cassandra.request.headers.stream
-
A frame has a stream id. If a client sends a request message with the stream id X, it is guaranteed that the stream id of the response to that message will be X.
type: keyword
-
cassandra.request.headers.op
-
An operation type that distinguishes the actual message.
type: keyword
-
cassandra.request.headers.length
-
A integer representing the length of the body of the frame (a frame is limited to 256MB in length).
type: long
-
cassandra.request.query
-
The CQL query which client send to cassandra.
type: keyword
Cassandra response.
Cassandra response headers, the structure is as same as request’s header.
-
cassandra.response.headers.version
-
The version of the protocol.
type: long
-
cassandra.response.headers.flags
-
Flags applying to this frame.
type: keyword
-
cassandra.response.headers.stream
-
A frame has a stream id. If a client sends a request message with the stream id X, it is guaranteed that the stream id of the response to that message will be X.
type: keyword
-
cassandra.response.headers.op
-
An operation type that distinguishes the actual message.
type: keyword
-
cassandra.response.headers.length
-
A integer representing the length of the body of the frame (a frame is limited to 256MB in length).
type: long
Details about the returned result.
-
cassandra.response.result.type
-
Cassandra result type.
type: keyword
Details about the rows.
-
cassandra.response.result.rows.num_rows
-
Representing the number of rows present in this result.
type: long
Composed of result metadata.
-
cassandra.response.result.rows.meta.keyspace
-
Only present after set Global_tables_spec, the keyspace name.
type: keyword
-
cassandra.response.result.rows.meta.table
-
Only present after set Global_tables_spec, the table name.
type: keyword
-
cassandra.response.result.rows.meta.flags
-
Provides information on the formatting of the remaining information.
type: keyword
-
cassandra.response.result.rows.meta.col_count
-
Representing the number of columns selected by the query that produced this result.
type: long
-
cassandra.response.result.rows.meta.pkey_columns
-
Representing the PK columns index and counts.
type: long
-
cassandra.response.result.rows.meta.paging_state
-
The paging_state is a bytes value that should be used in QUERY/EXECUTE to continue paging and retrieve the remainder of the result for this query.
type: keyword
-
cassandra.response.result.keyspace
-
Indicating the name of the keyspace that has been set.
type: keyword
The result to a schema_change message.
-
cassandra.response.result.schema_change.change
-
Representing the type of changed involved.
type: keyword
-
cassandra.response.result.schema_change.keyspace
-
This describes which keyspace has changed.
type: keyword
-
cassandra.response.result.schema_change.table
-
This describes which table has changed.
type: keyword
-
cassandra.response.result.schema_change.object
-
This describes the name of said affected object (either the table, user type, function, or aggregate name).
type: keyword
-
cassandra.response.result.schema_change.target
-
Target could be "FUNCTION" or "AGGREGATE", multiple arguments.
type: keyword
-
cassandra.response.result.schema_change.name
-
The function/aggregate name.
type: keyword
-
cassandra.response.result.schema_change.args
-
One string for each argument type (as CQL type).
type: keyword
The result to a PREPARE message.
-
cassandra.response.result.prepared.prepared_id
-
Representing the prepared query ID.
type: keyword
This describes the request metadata.
-
cassandra.response.result.prepared.req_meta.keyspace
-
Only present after set Global_tables_spec, the keyspace name.
type: keyword
-
cassandra.response.result.prepared.req_meta.table
-
Only present after set Global_tables_spec, the table name.
type: keyword
-
cassandra.response.result.prepared.req_meta.flags
-
Provides information on the formatting of the remaining information.
type: keyword
-
cassandra.response.result.prepared.req_meta.col_count
-
Representing the number of columns selected by the query that produced this result.
type: long
-
cassandra.response.result.prepared.req_meta.pkey_columns
-
Representing the PK columns index and counts.
type: long
-
cassandra.response.result.prepared.req_meta.paging_state
-
The paging_state is a bytes value that should be used in QUERY/EXECUTE to continue paging and retrieve the remainder of the result for this query.
type: keyword
This describes the metadata for the result set.
-
cassandra.response.result.prepared.resp_meta.keyspace
-
Only present after set Global_tables_spec, the keyspace name.
type: keyword
-
cassandra.response.result.prepared.resp_meta.table
-
Only present after set Global_tables_spec, the table name.
type: keyword
-
cassandra.response.result.prepared.resp_meta.flags
-
Provides information on the formatting of the remaining information.
type: keyword
-
cassandra.response.result.prepared.resp_meta.col_count
-
Representing the number of columns selected by the query that produced this result.
type: long
-
cassandra.response.result.prepared.resp_meta.pkey_columns
-
Representing the PK columns index and counts.
type: long
-
cassandra.response.result.prepared.resp_meta.paging_state
-
The paging_state is a bytes value that should be used in QUERY/EXECUTE to continue paging and retrieve the remainder of the result for this query.
type: keyword
-
cassandra.response.supported
-
Indicates which startup options are supported by the server. This message comes as a response to an OPTIONS message.
type: object
Indicates that the server requires authentication, and which authentication mechanism to use.
-
cassandra.response.authentication.class
-
Indicates the full class name of the IAuthenticator in use
type: keyword
-
cassandra.response.warnings
-
The text of the warnings, only occur when Warning flag was set.
type: keyword
Event pushed by the server. A client will only receive events for the types it has REGISTERed to.
-
cassandra.response.event.type
-
Representing the event type.
type: keyword
-
cassandra.response.event.change
-
The message corresponding respectively to the type of change followed by the address of the new/removed node.
type: keyword
-
cassandra.response.event.host
-
Representing the node ip.
type: keyword
-
cassandra.response.event.port
-
Representing the node port.
type: long
The events details related to schema change.
-
cassandra.response.event.schema_change.change
-
Representing the type of changed involved.
type: keyword
-
cassandra.response.event.schema_change.keyspace
-
This describes which keyspace has changed.
type: keyword
-
cassandra.response.event.schema_change.table
-
This describes which table has changed.
type: keyword
-
cassandra.response.event.schema_change.object
-
This describes the name of said affected object (either the table, user type, function, or aggregate name).
type: keyword
-
cassandra.response.event.schema_change.target
-
Target could be "FUNCTION" or "AGGREGATE", multiple arguments.
type: keyword
-
cassandra.response.event.schema_change.name
-
The function/aggregate name.
type: keyword
-
cassandra.response.event.schema_change.args
-
One string for each argument type (as CQL type).
type: keyword
Indicates an error processing a request. The body of the message will be an error code followed by a error message. Then, depending on the exception, more content may follow.
-
cassandra.response.error.code
-
The error code of the Cassandra response.
type: long
-
cassandra.response.error.msg
-
The error message of the Cassandra response.
type: keyword
-
cassandra.response.error.type
-
The error type of the Cassandra response.
type: keyword
The details of the error.
-
cassandra.response.error.details.read_consistency
-
Representing the consistency level of the query that triggered the exception.
type: keyword
-
cassandra.response.error.details.required
-
Representing the number of nodes that should be alive to respect consistency level.
type: long
-
cassandra.response.error.details.alive
-
Representing the number of replicas that were known to be alive when the request had been processed (since an unavailable exception has been triggered).
type: long
-
cassandra.response.error.details.received
-
Representing the number of nodes having acknowledged the request.
type: long
-
cassandra.response.error.details.blockfor
-
Representing the number of replicas whose acknowledgement is required to achieve consistency level.
type: long
-
cassandra.response.error.details.write_type
-
Describe the type of the write that timed out.
type: keyword
-
cassandra.response.error.details.data_present
-
It means the replica that was asked for data had responded.
type: boolean
-
cassandra.response.error.details.keyspace
-
The keyspace of the failed function.
type: keyword
-
cassandra.response.error.details.table
-
The keyspace of the failed function.
type: keyword
-
cassandra.response.error.details.stmt_id
-
Representing the unknown ID.
type: keyword
-
cassandra.response.error.details.num_failures
-
Representing the number of nodes that experience a failure while executing the request.
type: keyword
-
cassandra.response.error.details.function
-
The name of the failed function.
type: keyword
-
cassandra.response.error.details.arg_types
-
One string for each argument type (as CQL type) of the failed function.
type: keyword
On this page
ElasticON events are back!
Learn about the Elastic Search AI Platform from the experts at our live events.
Register now