Log File Content Fields

Contains log file lines.

source

type: keyword

required: True

The file from which the line was read. This field contains the absolute path to the file. For example: /var/log/system.log.

offset

type: long

required: False

The file offset the reported line starts at.

message

type: text

required: True

The content of the line read from the log file.

type

required: True

The name of the log event. This field is set to the value specified for the document_type option in the prospector section of the Filebeat config file.

input_type

required: True

The input type from which the event was generated. This field is set to the value specified for the input_type option in the prospector section of the Filebeat config file.

error

Ingestion pipeline error message, added when the Ingest Node in Elasticsearch reports errors.

read_timestamp

If the ingest pipeline parses the timestamp from the log contents, it stores the original @timestamp (representing the time when the log line was read) in this field.

fileset.module

The Filebeat module that generated this event.

fileset.name

The Filebeat fileset that generated this event.
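
The following is an added example, not part of the Filebeat documentation or code base. It shows how the fields above can be used to triage indexed events: checking the fields marked required, surfacing ingest failures through error, and comparing read_timestamp with the parsed @timestamp. It assumes events are available as flat dicts, timestamps are ISO 8601 UTC strings, error is a plain string, and a five-minute lag threshold; the function names and sample events are constructed for illustration.

```python
from datetime import datetime, timedelta

# Fields this page marks "required: True".
REQUIRED = ("source", "message", "type", "input_type")

def parse_ts(value):
    """Parse an ISO 8601 UTC timestamp such as 2017-03-01T12:00:05.000Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def triage(event, max_lag=timedelta(minutes=5)):
    """Return a list of findings for one Filebeat event given as a dict."""
    findings = []
    missing = [f for f in REQUIRED if f not in event]
    if missing:
        findings.append("missing required fields: " + ", ".join(missing))
    # 'error' is present only when the Ingest Node reported a failure, so the
    # event was indexed without the fields the pipeline should have parsed.
    if "error" in event:
        findings.append("ingest pipeline error: " + str(event["error"]))
    # read_timestamp is present only when the pipeline replaced @timestamp
    # with the time parsed from the line; the difference is the read delay.
    if "read_timestamp" in event and "@timestamp" in event:
        lag = parse_ts(event["read_timestamp"]) - parse_ts(event["@timestamp"])
        seconds = int(lag.total_seconds())
        if lag > max_lag:
            findings.append("line read %ds after its logged time" % seconds)
        elif lag < timedelta(0):
            findings.append("logged time is %ds ahead of read time" % -seconds)
    return findings

# Constructed sample events (not real Filebeat output).
BASE = {"source": "/var/log/system.log", "offset": 0, "message": "sample line",
        "type": "log", "input_type": "log"}
SAMPLES = {
    "clean": dict(BASE, **{"@timestamp": "2017-03-01T12:00:00.000Z",
                           "read_timestamp": "2017-03-01T12:00:02.000Z"}),
    "failed": dict(BASE, **{"@timestamp": "2017-03-01T12:00:02.000Z",
                            "error": "constructed pipeline error text"}),
    "late": dict(BASE, **{"@timestamp": "2017-03-01T10:00:00.000Z",
                          "read_timestamp": "2017-03-01T12:00:00.000Z"}),
    "ahead": {"message": "sample line", "@timestamp": "2017-03-01T12:10:00.000Z",
              "read_timestamp": "2017-03-01T12:00:00.000Z"},
}

if __name__ == "__main__":
    for name, event in SAMPLES.items():
        print(name, triage(event))
```

A logged time far behind or ahead of read_timestamp usually points to a backlog, a wrong time zone in the pipeline, or clock skew on the source host, and is worth checking before relying on @timestamp for event ordering.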