URL Fields
editURL Fields
editURL fields provide support for complete or partial URLs, and supports the breaking down into scheme, domain, path, and so on.
URL Field Details
editField | Description | Level |
---|---|---|
url.domain |
Domain of the url, such as "www.elastic.co". In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the type: keyword example: |
extended |
url.extension |
The field contains the file extension from the original request url. The file extension is only set if it exists, as not every url has a file extension. The leading period must not be included. For example, the value must be "png", not ".png". type: keyword example: |
extended |
url.fragment |
Portion of the url after the The type: keyword |
extended |
url.full |
If full URLs are important to your use case, they should be stored in type: keyword example: |
extended |
url.original |
Unmodified original url as seen in the event source. Note that in network monitoring, the observed URL may be a full URL, whereas in access logs, the URL is often just represented as a path. This field is meant to represent the URL as it was observed, complete or not. type: keyword example: |
extended |
url.password |
Password of the request. type: keyword |
extended |
url.path |
Path of the request, such as "/search". type: keyword |
extended |
url.port |
Port of the request, such as 443. type: long example: |
extended |
url.query |
The query field describes the query string of the request, such as "q=elasticsearch". The type: keyword |
extended |
url.registered_domain |
The highest registered url domain, stripped of the subdomain. For example, the registered domain for "foo.google.com" is "google.com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". type: keyword example: |
extended |
url.scheme |
Scheme of the request, such as "https". Note: The type: keyword example: |
extended |
url.top_level_domain |
The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for google.com is "com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". type: keyword example: |
extended |
url.username |
Username of the request. type: keyword |
extended |