Process Fields
editProcess Fields
editThese fields contain information about a process.
These fields can help you correlate metrics information with a process id/name from a log message. The process.pid
often stays in the metric itself and is copied to the global field for correlation.
Process Field Details
editField | Description | Level |
---|---|---|
process.args |
Array of process arguments. May be filtered to protect sensitive information. type: keyword example: |
extended |
process.executable |
Absolute path to the process executable. type: keyword example: |
extended |
process.name |
Process name. Sometimes called program name or similar. type: keyword example: |
extended |
process.pgid |
Identifier of the group of processes the process belongs to. type: long |
extended |
process.pid |
Process id. type: long example: |
core |
process.ppid |
Parent process' pid. type: long example: |
extended |
process.start |
The time the process started. type: date example: |
extended |
process.thread.id |
Thread ID. type: long example: |
extended |
process.thread.name |
Thread name. type: keyword example: |
extended |
process.title |
Process title. The proctitle, some times the same as process name. Can also be different: for example a browser setting its title to the web page currently opened. type: keyword |
extended |
process.uptime |
Seconds the process has been up. type: long example: |
extended |
process.working_directory |
The working directory of the process. type: keyword example: |
extended |
Field Reuse
editField sets that can be nested under Process
editNested fields | Description |
---|---|
Hashes, usually file hashes. |