fields.common.yml
- key: log
  title: Log file content
  description: >
    Contains log file lines.
  fields:

    - name: log.source.address
      type: keyword
      required: false
      description: >
        Source address from which the log event was read / sent from.

    - name: log.offset
      type: long
      required: false
      description: >
        The file offset the reported line starts at.

    - name: stream
      type: keyword
      required: false
      description: >
        Log stream when reading container logs, can be 'stdout' or 'stderr'

    - name: input.type
      required: true
      description: >
        The input type from which the event was generated. This field is set to the value specified
        for the `type` option in the input section of the Filebeat config file.

    - name: syslog.facility
      type: long
      required: false
      description: >
        The facility extracted from the priority.

    - name: syslog.priority
      type: long
      required: false
      description: >
        The priority of the syslog event.

    - name: syslog.severity_label
      type: keyword
      required: false
      description: >
        The human readable severity.

    - name: syslog.facility_label
      type: keyword
      required: false
      description: >
        The human readable facility.

    - name: process.program
      type: keyword
      required: false
      description: >
        The name of the program.

    - name: log.flags
      description: >
        This field contains the flags of the event.

    - name: http.response.content_length
      type: alias
      path: http.response.body.bytes
      migration: true

    - name: user_agent
      type: group
      fields:
        - name: os
          type: group
          fields:
            - name: full_name
              type: keyword

    - name: fileset.name
      type: keyword
      description: >
        The Filebeat fileset that generated this event.

    - name: fileset.module
      type: alias
      path: event.module
      migration: true

    - name: read_timestamp
      type: alias
      path: event.created
      migration: true

    - name: docker.attrs
      type: object
      object_type: keyword
      description: >
        docker.attrs contains labels and environment variables written by docker's JSON File logging driver.
        These fields are only available when they are configured in the logging driver options.

    - name: icmp.code
      type: keyword
      description: >
        ICMP code.

    - name: icmp.type
      type: keyword
      description: >
        ICMP type.

    - name: igmp.type
      type: keyword
      description: >
        IGMP type.

    - name: azure
      type: group
      fields:
        - name: eventhub
          type: keyword
          description: >
            Name of the eventhub.
        - name: offset
          type: long
          description: >
            The offset.
        - name: enqueued_time
          type: date
          description: >
            The enqueued time.
        - name: partition_id
          type: long
          description: >
            The partition id.
        - name: consumer_group
          type: keyword
          description: >
            The consumer group.
        - name: sequence_number
          type: long
          description: >
            The sequence number.

    - name: kafka
      type: group
      fields:
        - name: topic
          type: keyword
          description: >
            Kafka topic
        - name: partition
          type: long
          description: >
            Kafka partition number
        - name: offset
          type: long
          description: >
            Kafka offset of this message
        - name: key
          type: keyword
          description: >
            Kafka key, corresponding to the Kafka value stored in the message
        - name: block_timestamp
          type: date
          description: >
            Kafka outer (compressed) block timestamp
        - name: headers
          type: array
          description: >
            An array of Kafka header strings for this message, in the form
            "<key>: <value>".