General APM fieldsedit

Fields common to various APM events.

processor.name

Processor name.

type: keyword

processor.event

Processor event.

type: keyword

timestamp.us

Timestamp of the event in microseconds since Unix epoch.

type: long

urledit

A complete Url, with scheme, host and path.

url.scheme

The protocol of the request, e.g. "https:".

type: keyword

url.full

The full, possibly agent-assembled URL of the request, e.g https://example.com:443/search?q=elasticsearch#top.

type: keyword

url.domain

The hostname of the request, e.g. "example.com".

type: keyword

url.port

The port of the request, e.g. 443.

type: long

url.path

The path of the request, e.g. "/search".

type: keyword

url.query

The query string of the request, e.g. "q=elasticsearch".

type: keyword

url.fragment

A fragment specifying a location in a web page , e.g. "top".

type: keyword

http.version

The http version of the request leading to this event.

type: keyword

http.request.method

The http method of the request leading to this event.

type: keyword

http.request.headers

The canonical headers of the monitored HTTP request.

type: object

Object is not enabled.

http.response.status_code

The status code of the HTTP response.

type: long

http.response.finished

Used by the Node agent to indicate when in the response life cycle an error has occurred.

type: boolean

http.response.headers

The canonical headers of the monitored HTTP response.

type: object

Object is not enabled.

labels

A flat mapping of user-defined labels with string, boolean or number values.

type: object

serviceedit

Service fields.

service.name

Immutable unique name of the service emitting this event.

type: keyword

service.version

Version of the service emitting this event.

type: keyword

service.environment

Service environment.

type: keyword

service.language.name

Name of the programming language used.

type: keyword

service.language.version

Version of the programming language used.

type: keyword

service.runtime.name

Name of the runtime used.

type: keyword

service.runtime.version

Version of the runtime used.

type: keyword

service.framework.name

Name of the framework used.

type: keyword

service.framework.version

Version of the framework used.

type: keyword

transaction.id

The transaction ID.

type: keyword

transaction.sampled

Transactions that are sampled will include all available information. Transactions that are not sampled will not have spans or context.

type: boolean

transaction.type

Keyword of specific relevance in the service’s domain (eg. request, backgroundjob, etc)

type: keyword

transaction.name

Generic designation of a transaction in the scope of a single service (eg. GET /users/:id).

type: keyword

transaction.name.text
type: text

durationedit

None

transaction.duration.count
type: long
transaction.duration.sum.us
type: long

self_timeedit

Portion of the transaction’s duration where no direct child was running

transaction.self_time.count
type: long
transaction.self_time.sum.us
type: long

breakdownedit

Counter for collected breakdowns for the transaction

transaction.breakdown.count
type: long
span.type

Keyword of specific relevance in the service’s domain (eg: db.postgresql.query, template.erb, cache, etc).

type: keyword

span.subtype

A further sub-division of the type (e.g. postgresql, elasticsearch)

type: keyword

self_timeedit

Portion of the span’s duration where no direct child was running

span.self_time.count
type: long
span.self_time.sum.us
type: long
trace.id

The ID of the trace to which the event belongs to.

type: keyword

parent.id

The ID of the parent event.

type: keyword

agent.name

Name of the agent used.

type: keyword

agent.version

Version of the agent used.

type: keyword

agent.ephemeral_id

The Ephemeral ID identifies a running process.

type: keyword

containeredit

Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.

container.id

Unique container id.

type: keyword

kubernetesedit

Kubernetes metadata reported by agents

kubernetes.namespace

Kubernetes namespace

type: keyword

kubernetes.node.name

Kubernetes node name

type: keyword

kubernetes.pod.name

Kubernetes pod name

type: keyword

kubernetes.pod.uid

Kubernetes Pod UID

type: keyword

hostedit

Optional host fields.

host.architecture

The architecture of the host the event was recorded on.

type: keyword

host.hostname

The hostname of the host the event was recorded on.

type: keyword

host.ip

IP of the host that records the event.

type: ip

osedit

The OS fields contain information about the operating system.

host.os.platform

The platform of the host the event was recorded on.

type: keyword

processedit

Information pertaining to the running process where the data was collected

process.args

Process arguments. May be filtered to protect sensitive information.

type: keyword

process.pid

Numeric process ID of the service process.

type: long

process.ppid

Numeric ID of the service’s parent process.

type: long

process.title

Service process title.

type: keyword

observer.listening

Address the server is listening on.

type: keyword

observer.hostname

Hostname of the APM Server.

type: keyword

observer.version

APM Server version.

type: keyword

observer.version_major

Major version number of the observer

type: byte

observer.type

The type will be set to apm-server.

type: keyword

user.name

The username of the logged in user.

type: keyword

user.id

Identifier of the logged in user.

type: keyword

user.email

Email of the logged in user.

type: keyword

client.ip

IP of the user where the event is recorded, typically a web browser. This is obtained from the X-Forwarded-For header, of which the first entry is the IP of the original client. This value however might not be necessarily trusted, as it can be forged by a malicious user.

type: ip

user_agentedit

The user_agent fields normally come from a browser request. They often show up in web service logs coming from the parsed user agent string.

user_agent.original

Unparsed version of the user_agent.

type: keyword

example: Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1

user_agent.original.text

Software agent acting in behalf of a user, eg. a web browser / OS combination.

type: text

user_agent.name

Name of the user agent.

type: keyword

example: Safari

user_agent.version

Version of the user agent.

type: keyword

example: 12.0

deviceedit

Information concerning the device.

user_agent.device.name

Name of the device.

type: keyword

example: iPhone

osedit

The OS fields contain information about the operating system.

user_agent.os.platform

Operating system platform (such centos, ubuntu, windows).

type: keyword

example: darwin

user_agent.os.name

Operating system name, without the version.

type: keyword

example: Mac OS X

user_agent.os.full

Operating system name, including the version or code name.

type: keyword

example: Mac OS Mojave

user_agent.os.family

OS family (such as redhat, debian, freebsd, windows).

type: keyword

example: debian

user_agent.os.version

Operating system version as a raw string.

type: keyword

example: 10.14.1

user_agent.os.kernel

Operating system kernel version as a raw string.

type: keyword

example: 4.4.0-112-generic

experimental

Additional experimental data sent by the agents.

type: object