Explore data in Elasticsearchedit

This documentation refers to the standalone (legacy) method of running APM Server. This method of running APM Server will be deprecated and removed in a future release. Please consider upgrading to the Elastic APM integration. If you’ve already upgraded, see Data streams.

Elastic APM data is stored in data streams. APM data follows the <type>-<dataset>-<namespace> naming scheme. The type and dataset are predefined by the APM integration, but the namespace is your opportunity to customize how different types of data are stored in Elasticsearch. There is no recommendation for what to use as your namespace—​it is intentionally flexible. For example, you might create namespaces for each of your environments, like dev, prod, production, etc. Or, you might create namespaces that correspond to strategic business units within your organization.

The namespace default is default. To configure a custom namespace, set data_streams.namespace:

apm-server:
  data_streams.namespace: custom_namespace

APM data streamsedit

By type, the APM data streams are:

Traces

Traces are comprised of spans and transactions. Traces are stored in the following data streams:

  • Application traces: traces-apm-<namespace>
  • RUM and iOS agent application traces: traces-apm.rum-<namespace>
Metrics

Metrics include application-based metrics, aggregation metrics, and basic system metrics. Metrics are stored in the following data streams:

  • APM internal metrics: metrics-apm.internal-<namespace>
  • Application metrics: metrics-apm.app.<service.name>-<namespace>
Logs

Logs include application error events and application logs. Logs are stored in the following data streams:

  • APM error/exception logging: logs-apm.error-<namespace>

Sample APM documentsedit

Sample documents for each of the APM event types are available on these pages:

Elasticsearch query examplesedit

The following examples enable you to interact with Elasticsearch’s REST API. One possible way to do this is using Kibana’s Dev Tools console.

Data streams, templates, and index-level operations can also be manged via Kibana’s Index management panel.

To see an overview of existing data streams, run:

GET /_data_stream/*apm*

To query a specific event type, for example, application traces:

GET traces-apm*/_search

If you are interested in the settings and mappings of the Elastic APM indices, first, run a query to find template names:

GET _cat/templates/*apm*

Then, retrieve the specific template you are interested in:

GET  /_template/your-template-name