General APM fieldsedit

Fields common to various APM events.

listening

type: keyword

Address the server is listening on.

processor.name

type: keyword

Processor name.

processor.event

type: keyword

Processor event.

timestamp.us

type: long

Timestamp of the event in microseconds since Unix epoch.

context fieldsedit

Any arbitrary contextual information regarding the event, captured by the agent, optionally provided by the user.

context.custom
type: object
context.db.instance

type: keyword

Field is not indexed.

context.db.statement

type: keyword

Field is not indexed.

context.db.type

type: keyword

Field is not indexed.

context.db.user

type: keyword

Field is not indexed.

context.http.method

type: keyword

Field is not indexed.

context.http.status_code

type: long

The status code of the http response.

context.http.url

type: keyword

Field is not indexed.

context.tags

type: object

A flat mapping of user-defined tags with string values.

context.user.username

type: keyword

The username of the logged in user.

context.user.id

type: keyword

Identifier of the logged in user.

context.user.email

type: keyword

Email of the logged in user.

context.user.ip

type: ip

IP of the user where the event is recorded, typically a web browser. This is obtained from the X-Forwarded-For header, of which the first entry is the IP of the original client. This value however might not be necessarily trusted, as it can be forged by a malicious user.

context.user.user-agent

type: text

Software agent acting in behalf of a user, eg. a web browser / OS combination.

context.request.body
type: object
context.request.cookies
type: object
context.request.headers
type: object
context.request.env
type: object
context.request.socket
type: object

url fieldsedit

A complete Url, with scheme, host and path.

context.request.url.raw

type: keyword

The raw, unparsed URL of the request, e.g https://example.com:443/search?q=elasticsearch#top.

context.request.url.protocol

type: keyword

The protocol of the request, e.g. "https:".

context.request.url.full

type: keyword

The full, possibly agent-assembled URL of the request, e.g https://example.com:443/search?q=elasticsearch#top.

context.request.url.hostname

type: keyword

The hostname of the request, e.g. "example.com".

context.request.url.port

type: keyword

The port of the request, e.g. 443.

context.request.url.pathname

type: keyword

The path of the request, e.g. "/search".

context.request.url.search

type: keyword

The search describes the query string of the request, e.g. "q=elasticsearch".

context.request.url.hash

type: keyword

The hash of the request URL, e.g. "top".

context.request.http_version

type: keyword

The http version of the request leading to this event.

context.request.method

type: keyword

The http method of the request leading to this event.

context.response.headers
type: object
context.response.headers_sent

type: boolean

Field is not indexed.

context.response.status_code

type: long

The http status code of the response, eg. 200.

context.response.finished

type: boolean

A boolean indicating whether the response was finished or not.

system fieldsedit

Optional system fields.

context.system.hostname

type: keyword

The hostname of the system the event was recorded on.

context.system.architecture

type: keyword

The architecture of the system the event was recorded on.

context.system.platform

type: keyword

The platform of the system the event was recorded on.

context.system.ip

type: ip

IP of the host that records the event.

process fieldsedit

Information pertaining to the running process where the data was collected

context.process.argv
type: object
context.process.pid

type: long

Numeric process ID of the service process.

context.process.ppid

type: long

Numeric ID of the service’s parent process.

context.process.title

type: keyword

Service process title.

service fieldsedit

Service fields.

context.service.name

type: keyword

format: url

Immutable unique name of the service emitting this event.

context.service.version

type: keyword

Version of the service emitting this event.

context.service.environment

type: keyword

Service environment.

context.service.language.name

type: keyword

Name of the programming language used.

context.service.language.version

type: keyword

Version of the programming language used.

context.service.runtime.name

type: keyword

Name of the runtime used.

context.service.runtime.version

type: keyword

Version of the runtime used.

context.service.framework.name

type: keyword

Name of the framework used.

context.service.framework.version

type: keyword

Version of the framework used.

context.service.agent.name

type: keyword

Name of the agent used.

context.service.agent.version

type: keyword

Version of the agent used.

transaction.id

type: keyword

format: url

The transaction ID.

transaction.sampled

type: boolean

Transactions that are sampled will include all available information. Transactions that are not sampled will not have spans or context.

trace.id

type: keyword

The ID of the trace to which the event belongs to.

parent.id

type: keyword

The ID of the parent event.