IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
« Host Fields Interface Fields »
Elastic Docs Elastic Common Schema (ECS) Reference [1.6] ECS Field Reference

HTTP Fields

edit

HTTP Fields

edit

Fields related to HTTP activity. Use the url field set to store the url of the request.

HTTP Field Details

edit
Field Description Level

http.request.body.bytes

Size in bytes of the request body.

type: long

example: 887

extended

http.request.body.content

The full HTTP request body.

type: keyword

Multi-fields:

* http.request.body.content.text (type: text)

example: Hello world

extended

http.request.bytes

Total size in bytes of the request (body and headers).

type: long

example: 1437

extended

http.request.method

HTTP request method.

Prior to ECS 1.6.0 the following guidance was provided:

"The field value must be normalized to lowercase for querying."

As of ECS 1.6.0, the guidance is deprecated because the original case of the method may be useful in anomaly detection. Original case will be mandated in ECS 2.0.0

type: keyword

example: GET, POST, PUT, PoST

extended

http.request.referrer

Referrer for this HTTP request.

type: keyword

example: https://blog.example.com/

extended

http.response.body.bytes

Size in bytes of the response body.

type: long

example: 887

extended

http.response.body.content

The full HTTP response body.

type: keyword

Multi-fields:

* http.response.body.content.text (type: text)

example: Hello world

extended

http.response.bytes

Total size in bytes of the response (body and headers).

type: long

example: 1437

extended

http.response.status_code

HTTP response status code.

type: long

example: 404

extended

http.version

HTTP version.

type: keyword

example: 1.1

extended
« Host Fields Interface Fields »