General APM fields

edit

Fields common to various APM events.

processor.name

type: keyword

Processor name.

processor.event

type: keyword

Processor event.

timestamp.us

type: long

Timestamp of the event in microseconds since Unix epoch.

url fields

edit

A complete Url, with scheme, host and path.

url.scheme

type: keyword

The protocol of the request, e.g. "https:".

url.full

type: keyword

The full, possibly agent-assembled URL of the request, e.g https://example.com:443/search?q=elasticsearch#top.

url.domain

type: keyword

The hostname of the request, e.g. "example.com".

url.port

type: long

The port of the request, e.g. 443.

url.path

type: keyword

The path of the request, e.g. "/search".

url.query

type: keyword

The query string of the request, e.g. "q=elasticsearch".

url.fragment

type: keyword

A fragment specifying a location in a web page , e.g. "top".

http.version

type: keyword

The http version of the request leading to this event.

http.request.method

type: keyword

The http method of the request leading to this event.

http.request.headers

type: object

The canonicalized headers of the monitored HTTP request.

Object is not enabled.

http.response.status_code

type: long

The status code of the HTTP response.

http.response.finished

type: boolean

Used by the Node agent to indicate when in the response life cycle an error has occurred.

http.response.headers

type: object

The canonicalized headers of the monitored HTTP response.

Object is not enabled.

labels

type: object

A flat mapping of user-defined labels with string, boolean or number values.

service fields

edit

Service fields.

service.name

type: keyword

Immutable unique name of the service emitting this event.

service.version

type: keyword

Version of the service emitting this event.

service.environment

type: keyword

Service environment.

service.language.name

type: keyword

Name of the programming language used.

service.language.version

type: keyword

Version of the programming language used.

service.runtime.name

type: keyword

Name of the runtime used.

service.runtime.version

type: keyword

Version of the runtime used.

service.framework.name

type: keyword

Name of the framework used.

service.framework.version

type: keyword

Version of the framework used.

transaction.id

type: keyword

The transaction ID.

transaction.sampled

type: boolean

Transactions that are sampled will include all available information. Transactions that are not sampled will not have spans or context.

transaction.type

type: keyword

Keyword of specific relevance in the service’s domain (eg. request, backgroundjob, etc)

trace.id

type: keyword

The ID of the trace to which the event belongs to.

parent.id

type: keyword

The ID of the parent event.

agent.name

type: keyword

Name of the agent used.

agent.version

type: keyword

Version of the agent used.

container fields

edit

Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.

container.id

type: keyword

Unique container id.

kubernetes fields

edit

Kubernetes metadata reported by agents

kubernetes.namespace

type: keyword

Kubernetes namespace

kubernetes.node.name

type: keyword

Kubernetes node name

kubernetes.pod.name

type: keyword

Kubernetes pod name

kubernetes.pod.uid

type: keyword

Kubernetes Pod UID

host fields

edit

Optional host fields.

host.architecture

type: keyword

The architecture of the host the event was recorded on.

host.hostname

type: keyword

The hostname of the host the event was recorded on.

host.ip

type: ip

IP of the host that records the event.

os fields

edit

The OS fields contain information about the operating system.

host.os.platform

type: keyword

The platform of the host the event was recorded on.

process fields

edit

Information pertaining to the running process where the data was collected

process.args

type: keyword

Process arguments. May be filtered to protect sensitive information.

process.pid

type: long

Numeric process ID of the service process.

process.ppid

type: long

Numeric ID of the service’s parent process.

process.title

type: keyword

Service process title.

observer.listening

type: keyword

Address the server is listening on.

observer.hostname

type: keyword

Hostname of the APM Server.

observer.version

type: keyword

APM Server version.

observer.version_major

type: byte

Major version number of the observer

observer.type

type: keyword

The type will be set to apm-server.

user.name

type: keyword

The username of the logged in user.

user.id

type: keyword

Identifier of the logged in user.

user.email

type: keyword

Email of the logged in user.

client.ip

type: ip

IP of the user where the event is recorded, typically a web browser. This is obtained from the X-Forwarded-For header, of which the first entry is the IP of the original client. This value however might not be necessarily trusted, as it can be forged by a malicious user.

user_agent fields

edit

The user_agent fields normally come from a browser request. They often show up in web service logs coming from the parsed user agent string.

user_agent.original

type: keyword

example: Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1

Unparsed version of the user_agent.

user_agent.original.text

type: text

Software agent acting in behalf of a user, eg. a web browser / OS combination.

user_agent.name

type: keyword

example: Safari

Name of the user agent.

user_agent.version

type: keyword

example: 12.0

Version of the user agent.

device fields

edit

Information concerning the device.

user_agent.device.name

type: keyword

example: iPhone

Name of the device.

os fields

edit

The OS fields contain information about the operating system.

user_agent.os.platform

type: keyword

example: darwin

Operating system platform (such centos, ubuntu, windows).

user_agent.os.name

type: keyword

example: Mac OS X

Operating system name, without the version.

user_agent.os.full

type: keyword

example: Mac OS Mojave

Operating system name, including the version or code name.

user_agent.os.family

type: keyword

example: debian

OS family (such as redhat, debian, freebsd, windows).

user_agent.os.version

type: keyword

example: 10.14.1

Operating system version as a raw string.

user_agent.os.kernel

type: keyword

example: 4.4.0-112-generic

Operating system kernel version as a raw string.