Built-in data filters
editBuilt-in data filters
editBuilt-in data filters allow you to filter or turn off ingestion of the following types of data:
Data type | Common sensitive data |
---|---|
Passwords, credit card numbers, authorization, etc. |
|
Passwords, credit card numbers, etc. |
|
Client IP address and user agent. |
|
URLs visited, click events, user browser errors, resources used, etc. |
|
Sensitive user or business information |
HTTP headers
editBy default, APM agents capture HTTP request and response headers (including cookies).
Most Elastic APM agents provide the ability to sanitize HTTP header fields,
including cookies and application/x-www-form-urlencoded
data (POST form fields).
Query string and captured request bodies, like application/json
data, are not sanitized.
The default list of sanitized fields attempts to target common field names for data relating to passwords, credit card numbers, authorization, etc., but can be customized to fit your data. This sensitive data never leaves the instrumented service.
This setting supports Central configuration, which means the list of sanitized fields can be updated without needing to redeploy your services:
-
Go:
ELASTIC_APM_SANITIZE_FIELD_NAMES
-
Java:
sanitize_field_names
-
.NET:
sanitizeFieldNames
-
Node.js:
sanitizeFieldNames
-
Python:
sanitize_field_names
-
Ruby:
sanitize_field_names
Alternatively, you can completely disable the capturing of HTTP headers. This setting also supports Central configuration:
-
Go:
ELASTIC_APM_CAPTURE_HEADERS
-
Java:
capture_headers
-
.NET:
CaptureHeaders
-
Node.js:
captureHeaders
-
Python:
capture_headers
-
Ruby:
capture_headers
HTTP bodies
editBy default, the body of HTTP requests is not recorded. Request bodies often contain sensitive data like passwords or credit card numbers, so use care when enabling this feature.
This setting supports Central configuration, which means the list of sanitized fields can be updated without needing to redeploy your services:
-
Go:
ELASTIC_APM_CAPTURE_BODY
-
Java:
capture_body
-
.NET:
CaptureBody
-
Node.js:
captureBody
-
Python:
capture_body
-
Ruby:
capture_body
Personal data
editBy default, the APM Server captures some personal data associated with trace events:
-
client.ip
: The client’s IP address. Typically derived from the HTTP headers of incoming requests.client.ip
is also used in conjunction with thegeoip
processor to assign geographical information to trace events. To learn more about howclient.ip
is derived, see Deriving an incoming request’sclient.ip
address. -
user_agent
: User agent data, including the client operating system, device name, vendor, and version.
The capturing of this data can be turned off by setting
Capture personal data to false
.
Real user monitoring data
editProtecting user data is important.
For that reason, individual RUM instrumentations can be disabled in the RUM agent with the
disableInstrumentations
configuration variable.
Disabled instrumentations produce no spans or transactions.
Disable | Configuration value |
---|---|
HTTP requests |
|
Page load metrics including static resources |
|
JavaScript errors on the browser |
|
User click events including URLs visited, mouse clicks, and navigation events |
|
Single page application route changes |
|
Database statements
editFor SQL databases, APM agents do not capture the parameters of prepared statements. Note that Elastic APM currently does not make an effort to strip parameters of regular statements. Not using prepared statements makes your code vulnerable to SQL injection attacks, so be sure to use prepared statements.
For non-SQL data stores, such as Elasticsearch or MongoDB, Elastic APM captures the full statement for queries. For inserts or updates, the full document is not stored. To filter or obfuscate data in non-SQL database statements, or to remove the statement entirely, you can set up an ingest node pipeline.
Agent-specific options
editCertain agents offer additional filtering and obfuscating options:
Agent configuration options
- (Node.js) Remove errors raised by the server-side process: disable with captureExceptions.
-
(Java) Remove process arguments from transactions:
disabled by default with
include_process_args
.