Data streamsedit
Data stream naming schemeedit
APM data follows the <type>-<dataset>-<namespace> naming scheme.
The type and dataset are predefined by the APM integration,
but the namespace is your opportunity to customize how different types of data are stored in Elasticsearch.
There is no recommendation for what to use as your namespace—it is intentionally flexible.
For example, you might create namespaces for each of your environments,
like dev, prod, production, etc.
Or, you might create namespaces that correspond to strategic business units within your organization.
APM data streamsedit
By type, the APM data streams are:
- Traces
-
Traces are comprised of spans and transactions. Traces are stored in the following data streams:
-
Application traces:
traces-apm-<namespace> -
RUM and iOS agent application traces:
traces-apm.rum-<namespace>
-
Application traces:
- Metrics
-
Metrics include application-based metrics, aggregation metrics, and basic system metrics. Metrics are stored in the following data streams:
-
APM internal metrics:
metrics-apm.internal-<namespace> -
APM transaction metrics:
metrics-apm.transaction.<metricset.interval>-<namespace> -
APM service destination metrics:
metrics-apm.service_destination.<metricset.interval>-<namespace> -
APM service transaction metrics:
metrics-apm.service_transaction.<metricset.interval>-<namespace> -
APM service summary metrics:
metrics-apm.service_summary.<metricset.interval>-<namespace> -
Application metrics:
metrics-apm.app.<service.name>-<namespace>Application metrics include the instrumented service’s name—defined in each APM agent’s configuration—in the data stream name. Service names therefore must follow certain index naming rules.
Service name rules
-
Service names are case-insensitive and must be unique.
For example, you cannot have a service named
Fooand another namedfoo. -
Special characters will be removed from service names and replaced with underscores (
_). Special characters include:'\\', '/', '*', '?', '"', '<', '>', '|', ' ', ',', '#', ':', '-'
-
Service names are case-insensitive and must be unique.
For example, you cannot have a service named
-
APM internal metrics:
- Logs
-
Logs include application error events and application logs. Logs are stored in the following data streams:
-
APM error/exception logging:
logs-apm.error-<namespace> -
APM app logging:
logs-apm.app.<service.name>-<namespace>
-
APM error/exception logging:
APM data stream reroutingedit
APM supports rerouting APM data to user-defined APM data stream names other than the defaults.
This can be achieved by using a reroute processor in ingest pipelines to set the data stream dataset or namespace.
The benefit of separating APM data streams is that custom retention and security policies can be used.
For example, consider traces that would originally be indexed to traces-apm-default. To set the data stream namespace from the trace’s service.environment and fallback to a static string "default", create an ingest pipeline named traces-apm@custom which will be used automatically:
[
{
"reroute": {
"namespace": [
"{{service.environment}}",
"default"
]
}
}
]
For more about other ingest pipelines called by default, e.g. traces-apm@custom, see integration data streams ingest pipelines.
For more custom APM ingest pipeline guides, see parse data using ingest pipelines.
What’s next?edit
- Data streams define not only how data is stored in Elasticsearch, but also how data is retained over time. See Index lifecycle management to learn how to create your own data retention policies.
- See Manage storage for information on APM storage and processing costs, processing and performance, and other index management features.