WARNING: Version 6.2 of Packetbeat has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Common fieldsedit
These fields contain data about the environment in which the transaction or flow was captured.
server
edit
The name of the server that served the transaction.
client_server
edit
The name of the server that initiated the transaction.
service
edit
The name of the logical service that served the transaction.
client_service
edit
The name of the logical service that initiated the transaction.
ip
edit
format: dotted notation.
The IP address of the server that served the transaction.
client_ip
edit
format: dotted notation.
The IP address of the server that initiated the transaction.
real_ip
edit
format: Dotted notation.
If the server initiating the transaction is a proxy, this field contains the original client IP address. For HTTP, for example, the IP address extracted from a configurable HTTP header, by default X-Forwarded-For
.
Unless this field is disabled, it always has a value, and it matches the client_ip
for non proxy clients.
client_geoip fieldsedit
The GeoIP information of the client.
client_geoip.location
edit
type: geo_point
example: {lat: 51, lon: 9}
The GeoIP location of the client_ip
address. This field is available only if you define a GeoIP Processor as a pipeline in the Ingest GeoIP processor plugin or using Logstash.
client_port
edit
format: dotted notation.
The layer 4 port of the process that initiated the transaction.
transport
edit
example: udp
The transport protocol used for the transaction. If not specified, then tcp is assumed.
type
edit
required: True
The type of the transaction (for example, HTTP, MySQL, Redis, or RUM) or "flow" in case of flows.
port
edit
format: dotted notation.
The layer 4 port of the process that served the transaction.
proc
edit
The name of the process that served the transaction.
client_proc
edit
The name of the process that initiated the transaction.
release
edit
The software release of the service serving the transaction. This can be the commit id or a semantic version.