IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
« MySQL fields Osquery fields »
Elastic Docs Filebeat Reference [6.6] Exported fields

Nginx fields

edit
IMPORTANT: This documentation is no longer updated. Refer to Elastic's version policy and the latest documentation.

Nginx fields

edit

Module for parsing the Nginx log files.

nginx fields

edit

Fields from the Nginx log files.

access fields

edit

Contains fields for the Nginx access logs.

nginx.access.remote_ip_list

type: array

An array of remote IP addresses. It is a list because it is common to include, besides the client IP address, IP addresses from headers like X-Forwarded-For. See also the remote_ip field.

nginx.access.remote_ip

type: keyword

Client IP address. The first public IP address from the remote_ip_list array. If no public IP addresses are present, this field contains the first private IP address from the remote_ip_list array.

nginx.access.user_name

type: keyword

The user name used when basic authentication is used.

nginx.access.method

type: keyword

example: GET

The request HTTP method.

nginx.access.url

type: keyword

The request HTTP URL.

nginx.access.http_version

type: keyword

The HTTP version.

nginx.access.response_code

type: long

The HTTP response code.

nginx.access.body_sent.bytes

type: long

format: bytes

The number of bytes of the server response body.

nginx.access.referrer

type: keyword

The HTTP referrer.

nginx.access.agent

type: text

Contains the un-parsed user agent string. Only present if the user agent Elasticsearch plugin is not available or not used.

user_agent fields

edit

Contains the parsed User agent field. Only present if the user agent Elasticsearch plugin is available and used.

nginx.access.user_agent.device

type: keyword

The name of the physical device.

nginx.access.user_agent.major

type: long

The major version of the user agent.

nginx.access.user_agent.minor

type: long

The minor version of the user agent.

nginx.access.user_agent.patch

type: keyword

The patch version of the user agent.

nginx.access.user_agent.name

type: keyword

example: Chrome

The name of the user agent.

nginx.access.user_agent.os

type: keyword

The name of the operating system.

nginx.access.user_agent.os_major

type: long

The major version of the operating system.

nginx.access.user_agent.os_minor

type: long

The minor version of the operating system.

nginx.access.user_agent.os_name

type: keyword

The name of the operating system.

nginx.access.user_agent.original

type: text

Original user agent value before parsing by ingest-user-agent plugin.

Field is not indexed.

geoip fields

edit

Contains GeoIP information gathered based on the remote_ip field. Only present if the GeoIP Elasticsearch plugin is available and used.

nginx.access.geoip.continent_name

type: keyword

The name of the continent.

nginx.access.geoip.country_iso_code

type: keyword

Country ISO code.

nginx.access.geoip.location

type: geo_point

The longitude and latitude.

nginx.access.geoip.region_name

type: keyword

The region name.

nginx.access.geoip.city_name

type: keyword

The city name.

nginx.access.geoip.region_iso_code

type: keyword

Region ISO code.

error fields

edit

Contains fields for the Nginx error logs.

nginx.error.level

type: keyword

Error level (e.g. error, critical).

nginx.error.pid

type: long

Process identifier (PID).

nginx.error.tid

type: long

Thread identifier.

nginx.error.connection_id

type: long

Connection identifier.

nginx.error.message

type: text

The error message

« MySQL fields Osquery fields »