HTTP Fields
editHTTP Fields
editFields related to HTTP activity. Use the url
field set to store the url of the request.
HTTP Field Details
editField | Description | Level |
---|---|---|
Size in bytes of the request body. type: long example: |
extended |
|
The full HTTP request body. type: keyword Multi-fields: * http.request.body.content.text (type: text) example: |
extended |
|
Total size in bytes of the request (body and headers). type: long example: |
extended |
|
HTTP request method. Prior to ECS 1.6.0 the following guidance was provided: "The field value must be normalized to lowercase for querying." As of ECS 1.6.0, the guidance is deprecated because the original case of the method may be useful in anomaly detection. Original case will be mandated in ECS 2.0.0 type: keyword example: |
extended |
|
Mime type of the body of the request. This value must only be populated based on the content of the request body, not on the type: keyword example: |
extended |
|
Referrer for this HTTP request. type: keyword example: |
extended |
|
Size in bytes of the response body. type: long example: |
extended |
|
The full HTTP response body. type: keyword Multi-fields: * http.response.body.content.text (type: text) example: |
extended |
|
Total size in bytes of the response (body and headers). type: long example: |
extended |
|
Mime type of the body of the response. This value must only be populated based on the content of the response body, not on the type: keyword example: |
extended |
|
HTTP response status code. type: long example: |
extended |
|
HTTP version. type: keyword example: |
extended |