APM Profile fieldsedit

Profiling-specific data for APM.

processor.name

Processor name.

type: keyword

processor.event

Processor event.

type: keyword

timestamp.us

Timestamp of the event in microseconds since Unix epoch.

type: long

labels

A flat mapping of user-defined labels with string, boolean or number values.

type: object

Yes ECS field.

serviceedit

Service fields.

service.name

Immutable name of the service emitting this event.

type: keyword

Yes ECS field.

service.version

Version of the service emitting this event.

type: keyword

Yes ECS field.

service.environment

Service environment.

type: keyword

service.node.name

Unique meaningful name of the service node.

type: keyword

Yes ECS field.

service.language.name

Name of the programming language used.

type: keyword

service.language.version

Version of the programming language used.

type: keyword

service.runtime.name

Name of the runtime used.

type: keyword

service.runtime.version

Version of the runtime used.

type: keyword

service.framework.name

Name of the framework used.

type: keyword

service.framework.version

Version of the framework used.

type: keyword

agent.name

Name of the agent used.

type: keyword

Yes ECS field.

agent.version

Version of the agent used.

type: keyword

Yes ECS field.

agent.ephemeral_id

The Ephemeral ID identifies a running process.

type: keyword

Yes ECS field.

containeredit

Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.

container.id

Unique container id.

type: keyword

Yes ECS field.

networkedit

Optional network fields

connectionedit

Network connection details

network.connection.type

Network connection type, eg. "wifi", "cell"

type: keyword

network.connection.subtype

Detailed network connection sub-type, e.g. "LTE", "CDMA"

type: keyword

carrieredit

Network operator

network.carrier.name

Carrier name, eg. Vodafone, T-Mobile, etc.

type: keyword

network.carrier.mcc

Mobile country code

type: keyword

network.carrier.mnc

Mobile network code

type: keyword

network.carrier.icc

ISO country code, eg. US

type: keyword

kubernetesedit

Kubernetes metadata reported by agents

kubernetes.namespace

Kubernetes namespace

type: keyword

kubernetes.node.name

Kubernetes node name

type: keyword

kubernetes.pod.name

Kubernetes pod name

type: keyword

kubernetes.pod.uid

Kubernetes Pod UID

type: keyword

hostedit

Optional host fields.

host.architecture

The architecture of the host the event was recorded on.

type: keyword

Yes ECS field.

host.hostname

The hostname of the host the event was recorded on.

type: keyword

Yes ECS field.

host.name

Name of the host the event was recorded on. It can contain same information as host.hostname or a name specified by the user.

type: keyword

Yes ECS field.

host.ip

IP of the host that records the event.

type: ip

Yes ECS field.

osedit

The OS fields contain information about the operating system.

host.os.platform

The platform of the host the event was recorded on.

type: keyword

Yes ECS field.

processedit

Information pertaining to the running process where the data was collected

process.args

Process arguments. May be filtered to protect sensitive information.

type: keyword

Yes ECS field.

process.pid

Numeric process ID of the service process.

type: long

Yes ECS field.

process.ppid

Numeric ID of the service’s parent process.

type: long

Yes ECS field.

process.title

Service process title.

type: keyword

Yes ECS field.

observer.listening

Address the server is listening on.

type: keyword

observer.hostname

Hostname of the APM Server.

type: keyword

Yes ECS field.

observer.version

APM Server version.

type: keyword

Yes ECS field.

observer.version_major

Major version number of the observer

type: byte

observer.type

The type will be set to apm-server.

type: keyword

Yes ECS field.

observer.id

Unique identifier of the APM Server.

type: keyword

observer.ephemeral_id

Ephemeral identifier of the APM Server.

type: keyword

user.name

The username of the logged in user.

type: keyword

Yes ECS field.

user.id

Identifier of the logged in user.

type: keyword

Yes ECS field.

user.email

Email of the logged in user.

type: keyword

Yes ECS field.

client.domain

Client domain.

type: keyword

Yes ECS field.

client.ip

IP address of the client of a recorded event. This is typically obtained from a request’s X-Forwarded-For or the X-Real-IP header or falls back to a given configuration for remote address.

type: ip

Yes ECS field.

client.port

Port of the client.

type: long

Yes ECS field.

source.domain

Source domain.

type: keyword

Yes ECS field.

source.ip

IP address of the source of a recorded event. This is typically obtained from a request’s X-Forwarded-For or the X-Real-IP header or falls back to a given configuration for remote address.

type: ip

Yes ECS field.

source.port

Port of the source.

type: long

Yes ECS field.

destinationedit

Destination fields describe details about the destination of a packet/event. Destination fields are usually populated in conjunction with source fields.

destination.address

Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the .address field. Then it should be duplicated to .ip or .domain, depending on which one it is.

type: keyword

Yes ECS field.

destination.ip

IP addess of the destination. Can be one of multiple IPv4 or IPv6 addresses.

type: ip

Yes ECS field.

destination.port

Port of the destination.

type: long

format: string

Yes ECS field.

user_agentedit

The user_agent fields normally come from a browser request. They often show up in web service logs coming from the parsed user agent string.

user_agent.original

Unparsed version of the user_agent.

type: keyword

example: Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1

Yes ECS field.

user_agent.original.text

Software agent acting in behalf of a user, eg. a web browser / OS combination.

type: text

user_agent.name

Name of the user agent.

type: keyword

example: Safari

Yes ECS field.

user_agent.version

Version of the user agent.

type: keyword

example: 12.0

Yes ECS field.

deviceedit

Information concerning the device.

user_agent.device.name

Name of the device.

type: keyword

example: iPhone

Yes ECS field.

osedit

The OS fields contain information about the operating system.

user_agent.os.platform

Operating system platform (such centos, ubuntu, windows).

type: keyword

example: darwin

Yes ECS field.

user_agent.os.name

Operating system name, without the version.

type: keyword

example: Mac OS X

Yes ECS field.

user_agent.os.full

Operating system name, including the version or code name.

type: keyword

example: Mac OS Mojave

Yes ECS field.

user_agent.os.family

OS family (such as redhat, debian, freebsd, windows).

type: keyword

example: debian

Yes ECS field.

user_agent.os.version

Operating system version as a raw string.

type: keyword

example: 10.14.1

Yes ECS field.

user_agent.os.kernel

Operating system kernel version as a raw string.

type: keyword

example: 4.4.0-112-generic

Yes ECS field.

experimental

Additional experimental data sent by the agents.

type: object

cloudedit

Cloud metadata reported by agents

cloud.account.id

Cloud account ID

type: keyword

Yes ECS field.

cloud.account.name

Cloud account name

type: keyword

Yes ECS field.

cloud.availability_zone

Cloud availability zone name

type: keyword

example: us-east1-a

Yes ECS field.

cloud.instance.id

Cloud instance/machine ID

type: keyword

Yes ECS field.

cloud.instance.name

Cloud instance/machine name

type: keyword

Yes ECS field.

cloud.machine.type

Cloud instance/machine type

type: keyword

example: t2.medium

Yes ECS field.

cloud.project.id

Cloud project ID

type: keyword

Yes ECS field.

cloud.project.name

Cloud project name

type: keyword

Yes ECS field.

cloud.provider

Cloud provider name

type: keyword

example: gcp

Yes ECS field.

cloud.region

Cloud region name

type: keyword

example: us-east1

Yes ECS field.

cloud.service.name

Cloud service name, intended to distinguish services running on different platforms within a provider.

type: keyword

profile.id

Unique ID for the profile. All samples within a profile will have the same profile ID.

type: keyword

profile.duration

Duration of the profile, in nanoseconds. All samples within a profile will have the same duration. To aggregate durations, you should first group by the profile ID.

type: long

profile.cpu.ns

Amount of CPU time profiled, in nanoseconds.

type: long

profile.wall.us

Amount of wall time profiled, in microseconds.

type: long

profile.samples.count

Number of profile samples for the profiling period.

type: long

profile.alloc_objects.count

Number of objects allocated since the process started.

type: long

profile.alloc_space.bytes

Amount of memory allocated, in bytes, since the process started.

type: long

profile.inuse_objects.count

Number of objects allocated and currently in use.

type: long

profile.inuse_space.bytes

Amount of memory allocated, in bytes, and currently in use.

type: long

profile.top.id

Unique ID for the top stack frame in the context of its callers.

type: keyword

profile.top.function

Function name for the top stack frame.

type: keyword

profile.top.filename

Source code filename for the top stack frame.

type: keyword

profile.top.line

Source code line number for the top stack frame.

type: long

profile.stack.id

Unique ID for a stack frame in the context of its callers.

type: keyword

profile.stack.function

Function name for a stack frame.

type: keyword

profile.stack.filename

Source code filename for a stack frame.

type: keyword

profile.stack.line

Source code line number for a stack frame.

type: long