WARNING: Version 5.2 of Filebeat has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Log File Content Fieldsedit
Contains log file lines.
sourceedit
type: keyword
required: True
The file from which the line was read. This field contains the full path to the file. For example: /var/log/system.log.
offsetedit
type: long
required: False
The file offset the reported line starts at.
messageedit
type: text
required: True
The content of the line read from the log file.
typeedit
required: True
The name of the log event. This field is set to the value specified for the document_type option in the prospector section of the Filebeat config file.
input_typeedit
required: True
The input type from which the event was generated. This field is set to the value specified for the input_type option in the prospector section of the Filebeat config file.