Fields common to various APM events.
processor.nametype: keyword
Processor name.
processor.eventtype: keyword
Processor event.
timestamp.ustype: long
Timestamp of the event in microseconds since Unix epoch.
url fields
A complete Url, with scheme, host and path.
url.schemetype: keyword
The protocol of the request, e.g. "https:".
url.fulltype: keyword
The full, possibly agent-assembled URL of the request, e.g https://example.com:443/search?q=elasticsearch#top.
url.domaintype: keyword
The hostname of the request, e.g. "example.com".
url.porttype: long
The port of the request, e.g. 443.
url.pathtype: keyword
The path of the request, e.g. "/search".
url.querytype: keyword
The query string of the request, e.g. "q=elasticsearch".
url.fragmenttype: keyword
A fragment specifying a location in a web page , e.g. "top".
http.versiontype: keyword
The http version of the request leading to this event.
http.request.methodtype: keyword
The http method of the request leading to this event.
http.request.headerstype: object
The canonicalized headers of the monitored HTTP request.
Object is not enabled.
http.response.status_codetype: long
The status code of the HTTP response.
http.response.finishedtype: boolean
Used by the Node agent to indicate when in the response life cycle an error has occurred.
http.response.headerstype: object
The canonicalized headers of the monitored HTTP response.
Object is not enabled.
labelstype: object
A flat mapping of user-defined labels with string, boolean or number values.
service fields
Service fields.
service.nametype: keyword
Immutable unique name of the service emitting this event.
service.versiontype: keyword
Version of the service emitting this event.
service.environmenttype: keyword
Service environment.
service.language.nametype: keyword
Name of the programming language used.
service.language.versiontype: keyword
Version of the programming language used.
service.runtime.nametype: keyword
Name of the runtime used.
service.runtime.versiontype: keyword
Version of the runtime used.
service.framework.nametype: keyword
Name of the framework used.
service.framework.versiontype: keyword
Version of the framework used.
transaction.idtype: keyword
The transaction ID.
transaction.sampledtype: boolean
Transactions that are sampled will include all available information. Transactions that are not sampled will not have spans or context.
transaction.typetype: keyword
Keyword of specific relevance in the service’s domain (eg. request, backgroundjob, etc)
trace.idtype: keyword
The ID of the trace to which the event belongs to.
parent.idtype: keyword
The ID of the parent event.
agent.nametype: keyword
Name of the agent used.
agent.versiontype: keyword
Version of the agent used.
container fields
Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.
container.idtype: keyword
Unique container id.
kubernetes fields
Kubernetes metadata reported by agents
kubernetes.namespacetype: keyword
Kubernetes namespace
kubernetes.node.nametype: keyword
Kubernetes node name
kubernetes.pod.nametype: keyword
Kubernetes pod name
kubernetes.pod.uidtype: keyword
Kubernetes Pod UID
host fields
Optional host fields.
host.architecturetype: keyword
The architecture of the host the event was recorded on.
host.hostnametype: keyword
The hostname of the host the event was recorded on.
host.iptype: ip
IP of the host that records the event.
os fields
The OS fields contain information about the operating system.
host.os.platformtype: keyword
The platform of the host the event was recorded on.
process fields
Information pertaining to the running process where the data was collected
process.argstype: keyword
Process arguments. May be filtered to protect sensitive information.
process.pidtype: long
Numeric process ID of the service process.
process.ppidtype: long
Numeric ID of the service’s parent process.
process.titletype: keyword
Service process title.
observer.listeningtype: keyword
Address the server is listening on.
observer.hostnametype: keyword
Hostname of the APM Server.
observer.versiontype: keyword
APM Server version.
observer.version_majortype: byte
Major version number of the observer
observer.typetype: keyword
The type will be set to
apm-server.user.nametype: keyword
The username of the logged in user.
user.idtype: keyword
Identifier of the logged in user.
user.emailtype: keyword
Email of the logged in user.
client.iptype: ip
IP of the user where the event is recorded, typically a web browser. This is obtained from the X-Forwarded-For header, of which the first entry is the IP of the original client. This value however might not be necessarily trusted, as it can be forged by a malicious user.
user_agent fields
The user_agent fields normally come from a browser request. They often show up in web service logs coming from the parsed user agent string.
user_agent.originaltype: keyword
example: Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1
Unparsed version of the user_agent.
user_agent.original.texttype: text
Software agent acting in behalf of a user, eg. a web browser / OS combination.
user_agent.nametype: keyword
example: Safari
Name of the user agent.
user_agent.versiontype: keyword
example: 12.0
Version of the user agent.
device fields
Information concerning the device.
user_agent.device.nametype: keyword
example: iPhone
Name of the device.
os fields
The OS fields contain information about the operating system.
user_agent.os.platformtype: keyword
example: darwin
Operating system platform (such centos, ubuntu, windows).
user_agent.os.nametype: keyword
example: Mac OS X
Operating system name, without the version.
user_agent.os.fulltype: keyword
example: Mac OS Mojave
Operating system name, including the version or code name.
user_agent.os.familytype: keyword
example: debian
OS family (such as redhat, debian, freebsd, windows).
user_agent.os.versiontype: keyword
example: 10.14.1
Operating system version as a raw string.
user_agent.os.kerneltype: keyword
example: 4.4.0-112-generic
Operating system kernel version as a raw string.