PostgreSQL Integration

@timestamp

Event timestamp.

date

cloud.image.id

Image ID for the cloud instance.

keyword

data_stream.dataset

Data stream dataset.

constant_keyword

data_stream.namespace

Data stream namespace.

constant_keyword

data_stream.type

Data stream type.

constant_keyword

event.code

Identification code for the event.

keyword

event.dataset

Event dataset

constant_keyword

event.module

Event module

constant_keyword

event.type

Severity of the event (info, error, etc.).

keyword

host.containerized

If the host is a container.

boolean

host.os.build

OS build information.

keyword

host.os.codename

OS codename, if any.

keyword

input.type

Input type.

keyword

log.flags

Flags for the log file.

keyword

log.offset

Log offset.

long

postgresql.log.application_name

Name of the application of this event. It is defined by the client.

keyword

postgresql.log.backend_type

Type of backend of this event. Possible types are autovacuum launcher, autovacuum worker, logical replication launcher, logical replication worker, parallel worker, background writer, client backend, checkpointer, startup, walreceiver, walsender and walwriter. In addition, background workers registered by extensions may have additional types.

keyword

postgresql.log.client_addr

Host where the connection originated from.

keyword

postgresql.log.client_port

Port where the connection originated from.

long

postgresql.log.command_tag

Type of session’s current command. The complete list can be found at: src/include/tcop/cmdtaglist.h

keyword

postgresql.log.context

Error context.

keyword

postgresql.log.database

Name of database.

keyword

postgresql.log.detail

More information about the message, parameters in case of a parametrized query. e.g. Role "user" does not exist., parameters: $1 = 42, etc.

keyword

postgresql.log.hint

A possible solution to solve an error.

keyword

postgresql.log.internal_query

Internal query that led to the error (if any).

keyword

postgresql.log.internal_query_pos

Character count of the internal query (if any).

long

postgresql.log.location

Location of the error in the PostgreSQL source code (if log_error_verbosity is set to verbose).

keyword

postgresql.log.query

Query statement. In the case of CSV parse, look at command_tag to get more context.

keyword

postgresql.log.query_name

Name given to a query when using extended query protocol. If it is "<unnamed\>", or not present, this field is ignored.

keyword

postgresql.log.query_pos

Character count of the error position (if any).

long

postgresql.log.query_step

Statement step when using extended query protocol (one of statement, parse, bind or execute).

keyword

postgresql.log.sequence_number

Sequence number circumvents that the last message was repeated N times.

long

postgresql.log.session_id

PostgreSQL session.

keyword

postgresql.log.session_line_number

Line number inside a session. (%l in log_line_prefix).

long

postgresql.log.session_start_time

Time when this session started.

date

postgresql.log.sql_state_code

State code returned by Postgres (if any). See also https://www.postgresql.org/docs/current/errcodes-appendix.html

keyword

postgresql.log.timestamp

The timestamp from the log line.

keyword

postgresql.log.transaction_id

The id of current transaction.

long

postgresql.log.virtual_transaction_id

Backend local transaction id.

keyword

@timestamp

Event timestamp.

date

agent.id

keyword

cloud.account.id

The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.

keyword

cloud.availability_zone

Availability zone in which this host is running.

keyword

cloud.image.id

Image ID for the cloud instance.

keyword

cloud.instance.id

Instance ID of the host machine.

keyword

cloud.provider

Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.

keyword

cloud.region

Region in which this host is running.

keyword

container.id

Unique container id.

keyword

data_stream.dataset

Data stream dataset.

constant_keyword

data_stream.namespace

Data stream namespace.

constant_keyword

data_stream.type

Data stream type.

constant_keyword

database.oid

OID of the database that this event is related to.

alias

event.dataset

Event dataset

constant_keyword

event.module

Event module

constant_keyword

host.containerized

If the host is a container.

boolean

host.name

Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.

keyword

host.os.build

OS build information.

keyword

host.os.codename

OS codename, if any.

keyword

postgresql.activity.application_name

Name of the application that is connected to this backend.

keyword

postgresql.activity.backend_start

Time when this process was started, i.e., when the client connected to the server.

date

postgresql.activity.backend_type

Type of backend

keyword

postgresql.activity.client.address

IP address of the client connected to this backend.

keyword

postgresql.activity.client.hostname

Host name of the connected client, as reported by a reverse DNS lookup of client_addr.

keyword

postgresql.activity.client.port

TCP port number that the client is using for communication with this backend, or -1 if a Unix socket is used.

long

postgresql.activity.database.name

Name of the database this backend is connected to.

keyword

postgresql.activity.database.oid

OID of the database this backend is connected to.

long

postgresql.activity.pid

Process ID of this backend.

long

postgresql.activity.query

Text of this backend’s most recent query. If state is active this field shows the currently executing query. In all other states, it shows the last query that was executed.

keyword

postgresql.activity.query_id

Unique ID representing the query executed

keyword

postgresql.activity.query_start

Time when the currently active query was started, or if state is not active, when the last query was started.

date

postgresql.activity.state

Current overall state of this backend. Possible values are: * active: The backend is executing a query. * idle: The backend is waiting for a new client command. * idle in transaction: The backend is in a transaction, but is not currently executing a query. * idle in transaction (aborted): This state is similar to idle in transaction, except one of the statements in the transaction caused an error. * fastpath function call: The backend is executing a fast-path function. * disabled: This state is reported if track_activities is disabled in this backend.

keyword

postgresql.activity.state_change

Time when the state was last changed.

date

postgresql.activity.transaction_start

Time when this process' current transaction was started.

date

postgresql.activity.user.id

OID of the user logged into this backend.

long

postgresql.activity.user.name

Name of the user logged into this backend.

keyword

postgresql.activity.wait_event

Wait event name if backend is currently waiting, otherwise NULL

keyword

postgresql.activity.wait_event_type

The type of event for which the backend is waiting, if any; otherwise NULL.

keyword

postgresql.activity.waiting

True if this backend is currently waiting on a lock.

boolean

service.address

Address where data about this service was collected from. This should be a URI, network address (ipv4:port or [ipv6]:port) or a resource path (sockets).

keyword

@timestamp

Event timestamp.

date

agent.id

keyword

cloud.account.id

The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.

keyword

cloud.availability_zone

Availability zone in which this host is running.

keyword

cloud.image.id

Image ID for the cloud instance.

keyword

cloud.instance.id

Instance ID of the host machine.

keyword

cloud.provider

Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.

keyword

cloud.region

Region in which this host is running.

keyword

container.id

Unique container id.

keyword

data_stream.dataset

Data stream dataset.

constant_keyword

data_stream.namespace

Data stream namespace.

constant_keyword

data_stream.type

Data stream type.

constant_keyword

event.dataset

Event dataset

constant_keyword

event.module

Event module

constant_keyword

host.containerized

If the host is a container.

boolean

host.name

Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.

keyword

host.os.build

OS build information.

keyword

host.os.codename

OS codename, if any.

keyword

postgresql.bgwriter.buffers.allocated

Number of buffers allocated.

long

counter

postgresql.bgwriter.buffers.backend

Number of buffers written directly by a backend.

long

counter

postgresql.bgwriter.buffers.backend_fsync

Number of times a backend had to execute its own fsync call (normally the background writer handles those even when the backend does its own write)

long

counter

postgresql.bgwriter.buffers.checkpoints

Number of buffers written during checkpoints.

long

counter

postgresql.bgwriter.buffers.clean

Number of buffers written by the background writer.

long

counter

postgresql.bgwriter.buffers.clean_full

Number of times the background writer stopped a cleaning scan because it had written too many buffers.

long

counter

postgresql.bgwriter.checkpoints.requested

Number of requested checkpoints that have been performed.

long

counter

postgresql.bgwriter.checkpoints.scheduled

Number of scheduled checkpoints that have been performed.

long

counter

postgresql.bgwriter.checkpoints.times.sync.ms

Total amount of time that has been spent in the portion of checkpoint processing where files are synchronized to disk, in milliseconds.

float

counter

postgresql.bgwriter.checkpoints.times.write.ms

Total amount of time that has been spent in the portion of checkpoint processing where files are written to disk, in milliseconds.

float

counter

postgresql.bgwriter.stats_reset

Time at which these statistics were last reset.

date

service.address

Address where data about this service was collected from. This should be a URI, network address (ipv4:port or [ipv6]:port) or a resource path (sockets).

keyword

@timestamp

Event timestamp.

date

agent.id

keyword

cloud.account.id

The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.

keyword

cloud.availability_zone

Availability zone in which this host is running.

keyword

cloud.image.id

Image ID for the cloud instance.

keyword

cloud.instance.id

Instance ID of the host machine.

keyword

cloud.provider

Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.

keyword

cloud.region

Region in which this host is running.

keyword

container.id

Unique container id.

keyword

data_stream.dataset

Data stream dataset.

constant_keyword

data_stream.namespace

Data stream namespace.

constant_keyword

data_stream.type

Data stream type.

constant_keyword

database.oid

OID of the database that this event is related to.

alias

event.dataset

Event dataset

constant_keyword

event.module

Event module

constant_keyword

host.containerized

If the host is a container.

boolean

host.name

Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.

keyword

host.os.build

OS build information.

keyword

host.os.codename

OS codename, if any.

keyword

postgresql.database.blocks.hit

Number of times disk blocks were found already in the buffer cache, so that a read was not necessary (this only includes hits in the PostgreSQL buffer cache, not the operating system’s file system cache).

long

gauge

postgresql.database.blocks.read

Number of disk blocks read in this database.

long

gauge

postgresql.database.blocks.time.read.ms

Time spent reading data file blocks by backends in this database, in milliseconds.

long

counter

postgresql.database.blocks.time.write.ms

Time spent writing data file blocks by backends in this database, in milliseconds.

long

counter

postgresql.database.conflicts

Number of queries canceled due to conflicts with recovery in this database.

long

counter

postgresql.database.deadlocks

Number of deadlocks detected in this database.

long

gauge

postgresql.database.name

Name of the database this backend is connected to.

keyword

postgresql.database.number_of_backends

Number of backends currently connected to this database.

long

gauge

postgresql.database.oid

OID of the database this backend is connected to.

long

postgresql.database.rows.deleted

Number of rows deleted by queries in this database.

long

gauge

postgresql.database.rows.fetched

Number of rows fetched by queries in this database.

long

gauge

postgresql.database.rows.inserted

Number of rows inserted by queries in this database.

long

gauge

postgresql.database.rows.returned

Number of rows returned by queries in this database.

long

gauge

postgresql.database.rows.updated

Number of rows updated by queries in this database.

long

gauge

postgresql.database.stats_reset

Time at which these statistics were last reset.

date

postgresql.database.temporary.bytes

Total amount of data written to temporary files by queries in this database. All temporary files are counted, regardless of why the temporary file was created, and regardless of the log_temp_files setting.

long

gauge

postgresql.database.temporary.files

Number of temporary files created by queries in this database. All temporary files are counted, regardless of why the temporary file was created (e.g., sorting or hashing), and regardless of the log_temp_files setting.

long

gauge

postgresql.database.transactions.commit

Number of transactions in this database that have been committed.

long

gauge

postgresql.database.transactions.rollback

Number of transactions in this database that have been rolled back.

long

gauge

service.address

Address where data about this service was collected from. This should be a URI, network address (ipv4:port or [ipv6]:port) or a resource path (sockets).

keyword

@timestamp

Event timestamp.

date

agent.id

keyword

cloud.account.id

The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.

keyword

cloud.availability_zone

Availability zone in which this host is running.

keyword

cloud.image.id

Image ID for the cloud instance.

keyword

cloud.instance.id

Instance ID of the host machine.

keyword

cloud.provider

Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.

keyword

cloud.region

Region in which this host is running.

keyword

container.id

Unique container id.

keyword

data_stream.dataset

Data stream dataset.

constant_keyword

data_stream.namespace

Data stream namespace.

constant_keyword

data_stream.type

Data stream type.

constant_keyword

database.oid

OID of the database that this event is related to.

alias

event.dataset

Event dataset

constant_keyword

event.module

Event module

constant_keyword

host.containerized

If the host is a container.

boolean

host.name

Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.

keyword

host.os.build

OS build information.

keyword

host.os.codename

OS codename, if any.

keyword

postgresql.statement.database.oid

OID of the database the query was run on.

long

postgresql.statement.query.calls

Number of times the query has been run.

long

counter

postgresql.statement.query.id

ID of the statement.

long

postgresql.statement.query.memory.local.dirtied

Total number of local block cache dirtied by the query.

long

counter

postgresql.statement.query.memory.local.hit

Total number of local block cache hits by the query.

long

counter

postgresql.statement.query.memory.local.read

Total number of local block cache read by the query.

long

counter

postgresql.statement.query.memory.local.written

Total number of local block cache written by the query.

long

counter

postgresql.statement.query.memory.shared.dirtied

Total number of shared block cache dirtied by the query.

long

counter

postgresql.statement.query.memory.shared.hit

Total number of shared block cache hits by the query.

long

counter

postgresql.statement.query.memory.shared.read

Total number of shared block cache read by the query.

long

counter

postgresql.statement.query.memory.shared.written

Total number of shared block cache written by the query.

long

counter

postgresql.statement.query.memory.temp.read

Total number of temp block cache read by the query.

long

counter

postgresql.statement.query.memory.temp.written

Total number of temp block cache written by the query.

long

counter

postgresql.statement.query.rows

Total number of rows returned by query.

long

counter

postgresql.statement.query.text

Query text

keyword

postgresql.statement.query.time.max.ms

Maximum amount of time in milliseconds spent running query.

float

gauge

postgresql.statement.query.time.mean.ms

Mean amount of time in milliseconds spent running query.

long

gauge

postgresql.statement.query.time.min.ms

Minimum amount of time in milliseconds spent running query.

float

gauge

postgresql.statement.query.time.stddev.ms

Population standard deviation of time spent running query, in milliseconds.

long

gauge

postgresql.statement.query.time.total.ms

The total amount of time in milliseconds spent running query.

float

gauge

postgresql.statement.user.id

OID of the user logged into the backend that ran the query.

long

service.address

Address where data about this service was collected from. This should be a URI, network address (ipv4:port or [ipv6]:port) or a resource path (sockets).

keyword

1.25.0

Enhancement (View pull request)
Add ability to set condition for logs and metrics.

8.13.0 or higher

1.24.0

Bug fix (View pull request)
Fix log datastream grok pattern to support standard logs.

8.13.0 or higher

1.23.0

Enhancement (View pull request)
Add processor support for activity, bgwriter, database and statement data streams.

8.13.0 or higher

1.22.0

Enhancement (View pull request)
ECS version updated to 8.11.0. Update the kibana constraint to ^8.13.0. Modified the field definitions to remove ECS fields made redundant by the ecs@mappings component template.

8.13.0 or higher

1.21.0

Enhancement (View pull request)
Add global filter on data_stream.dataset to improve performance.

8.12.0 or higher

1.20.0

Enhancement (View pull request)
Add alias field for database oid fields.

8.12.0 or higher

1.19.0

Enhancement (View pull request)
Enable secrets for sensitive fields. For more details, refer https://www.elastic.co/guide/en/fleet/current/agent-policy.html#agent-policy-secret-values

8.12.0 or higher

1.18.1

Bug fix (View pull request)
Disable secrets for older stack versions due to errors.

8.8.0 or higher

1.18.0

Enhancement (View pull request)
Enable secret for the sensitive fields, supported from 8.12.

8.8.0 or higher

1.17.2

Enhancement (View pull request)
Improve wording on milliseconds.

8.8.0 or higher

1.17.1

Bug fix (View pull request)
Replaced postgresql.activity.query with postgresql.activity.query_id as TSDS dimension field to support query length greater than 1024.

8.8.0 or higher

1.17.0

Enhancement (View pull request)
Update the package format_version to 3.0.0.

8.8.0 or higher

1.16.1

Bug fix (View pull request)
Add null check and ignore_missing check to the rename processor

8.8.0 or higher

1.16.0

Enhancement (View pull request)
Enable time series data streams for the metrics datasets. This dramatically reduces storage for metrics and is expected to progressively improve query performance. For more details, see https://www.elastic.co/guide/en/elasticsearch/reference/current/tsds.html.

8.8.0 or higher

1.15.2

Enhancement (View pull request)
Added changes to support TSDB Enablement for the activity datastream.

8.4.0 or higher

1.15.1

Enhancement (View pull request)
Add new dimension fields to the database and bgwriter datastreams.

8.4.0 or higher

1.15.0

Enhancement (View pull request)
Add dimensions mapping for the statement datastream for TSDB enablement.

8.4.0 or higher

1.14.0

Enhancement (View pull request)
Rename ownership from obs-service-integrations to obs-infraobs-integrations

8.4.0 or higher

1.13.0

Enhancement (View pull request)
Migrate Query Duration Overview dashboard visualizations to lens.

8.4.0 or higher

1.12.0

Enhancement (View pull request)
Migrate Database Overview dashboard visualizations to lens.

8.4.0 or higher

1.11.0

Enhancement (View pull request)
Migrate Overview dashboard visualizations to lens.

8.4.0 or higher

1.10.0

Enhancement (View pull request)
Added changes to support TSDB Enablement for the bgwriter datastream.

7.14.0 or higher
8.0.0 or higher

1.9.0

Enhancement (View pull request)
Added dimensions mapping for database datastream for TSDB enablement.

7.14.0 or higher
8.0.0 or higher

1.8.0

Enhancement (View pull request)
Added metric type mapping for database datastream.

7.14.0 or higher
8.0.0 or higher

1.7.0

Enhancement (View pull request)
Added metric type mapping for statement datastream.

7.14.0 or higher
8.0.0 or higher

1.6.1

Enhancement (View pull request)
Added categories and/or subcategories.

7.14.0 or higher
8.0.0 or higher

1.6.0

Enhancement (View pull request)
Update ECS version to 8.5.1

7.14.0 or higher
8.0.0 or higher

1.5.0

Enhancement (View pull request)
Added infrastructure category.

7.14.0 or higher
8.0.0 or higher

1.4.2

Enhancement (View pull request)
Remove unused visualizations

7.14.0 or higher
8.0.0 or higher

1.4.1

Bug fix (View pull request)
Fix pipeline when user.name and postgresql.log.database with brackets

7.14.0 or higher
8.0.0 or higher

1.4.0

Enhancement (View pull request)
Add support for AWS postgresql standard log format

7.14.0 or higher
8.0.0 or higher

1.3.1

Enhancement (View pull request)
Add documentation for multi-fields

7.14.0 or higher
8.0.0 or higher

1.3.0

Enhancement (View pull request)
Update to ECS 8.0

—

1.2.0

Enhancement (View pull request)
Release postgresql package for v8.0.0

7.14.0 or higher
8.0.0 or higher

1.1.2

Enhancement (View pull request)
Uniform with guidelines

—

1.1.1

Bug fix (View pull request)
Fix logic that checks for the forwarded tag

—

1.1.0

Enhancement (View pull request)
Update to ECS 1.12.0

7.14.0 or higher

1.0.0

Enhancement (View pull request)
Release PostreSQL as GA

—

0.7.3

Enhancement (View pull request)
Convert to generated ECS fields

—

0.7.2

Enhancement (View pull request)
update to ECS 1.11.0

—

0.7.1

Enhancement (View pull request)
Escape special characters in docs

—

0.7.0

Enhancement (View pull request)
Update documentation to fit mdx spec

—

0.6.0

Enhancement (View pull request)
Update integration description

—

0.5.0

Enhancement (View pull request)
Set "event.module" and "event.dataset"

Enhancement (View pull request)
Enable ECS dependency

—

0.4.0

Enhancement (View pull request)
update to ECS 1.10.0 and adding event.original options

—

0.3.1

Enhancement (View pull request)
update to ECS 1.9.0

—

0.3.0

Enhancement (View pull request)
Add support for logs in CSV format

—

0.2.7

Enhancement (View pull request)
Updating package owner

—

0.2.6

Bug fix (View pull request)
Correct sample event file.

—

0.1.0

Enhancement (View pull request)
initial release

—