Log File Content Fields

Contains log file lines.

source

type: keyword

required: True

The file from which the line was read. This field contains the absolute path to the file. For example: /var/log/system.log.

offset

type: long

required: False

The file offset the reported line starts at.

message

type: text

required: True

The content of the line read from the log file.

type

required: True

The name of the log event. This field is set to the value specified for the document_type option in the prospector section of the Filebeat config file.

input_type

required: True

The input type from which the event was generated. This field is set to the value specified for the input_type option in the prospector section of the Filebeat config file.

error

Ingestion pipeline error message, added when the Ingest Node in Elasticsearch reports errors.

read_timestamp

When the ingest pipeline parses the timestamp from the log contents, it stores the original @timestamp (the time when the log line was read) in this field.

fileset.module

The Filebeat module that generated this event.

fileset.name

The Filebeat fileset that generated this event.
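
As an added example (not part of the Filebeat documentation or code), the following consumer-side check uses the source, offset and message fields to flag lines that are missing from the event stream or files that were truncated or re-read. It assumes single-line UTF-8 events with a one-byte line terminator and that offset is the start of the line as described above; the sample events and the function names are constructed for illustration.

```python
import json

# Constructed sample events (not real Filebeat output), one JSON document per line.
SAMPLE_EVENTS = """\
{"source": "/var/log/system.log", "offset": 0, "message": "sshd: session opened"}
{"source": "/var/log/system.log", "offset": 21, "message": "sudo: alice"}
{"source": "/var/log/system.log", "offset": 60, "message": "sshd: session closed"}
{"source": "/var/log/system.log", "offset": 0, "message": "log rotated"}
{"source": "/var/log/system.log", "offset": 5}
"""

REQUIRED = ("source", "message")  # fields marked "required: True" that this check uses


def load_events(text):
    """Parse newline-delimited JSON events."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def find_offset_anomalies(events, newline_len=1):
    """Return (source, offset, kind) for every event that breaks continuity.

    kind is "gap" (bytes skipped, so lines are missing), "rewind" (offset went
    backwards: truncation, rotation or a re-read) or "missing:<fields>".
    """
    expected = {}  # source path -> offset at which the next line should start
    findings = []
    for ev in events:
        missing = [f for f in REQUIRED if f not in ev]
        if missing:
            findings.append((ev.get("source"), ev.get("offset"),
                             "missing:" + ",".join(missing)))
            continue
        src = ev["source"]
        if "offset" not in ev:        # offset is optional; lose continuity state
            expected.pop(src, None)
            continue
        off = ev["offset"]
        nxt = expected.get(src)
        if nxt is not None and off > nxt:
            findings.append((src, off, "gap"))
        elif nxt is not None and off < nxt:
            findings.append((src, off, "rewind"))
        # Next line starts after this line's bytes plus its terminator.
        expected[src] = off + len(ev["message"].encode("utf-8")) + newline_len
    return findings


if __name__ == "__main__":
    for finding in find_offset_anomalies(load_events(SAMPLE_EVENTS)):
        print(finding)
```

A "rewind" on its own is normal at log rotation; it becomes interesting when it does not line up with the rotation schedule of the file named in source.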