AWS fields

Module for handling logs from AWS.

aws

Fields from AWS logs.

elb

Fields for AWS ELB logs.

aws.elb.name

The name of the load balancer.

type: keyword

aws.elb.type

The type of the load balancer for v2 Load Balancers.

type: keyword

aws.elb.target_group.arn

The ARN of the target group handling the request.

type: keyword

aws.elb.listener

The ELB listener that received the connection.

type: keyword

aws.elb.protocol

The protocol of the load balancer (http or tcp).

type: keyword

aws.elb.request_processing_time.sec

The total time in seconds from when the connection or request is received until it is sent to a registered backend.

type: float

aws.elb.backend_processing_time.sec

The total time in seconds from when the connection is sent to the backend until the backend starts responding.

type: float

aws.elb.response_processing_time.sec

The total time in seconds from when the response is received from the backend until it is sent to the client.

type: float

aws.elb.connection_time.ms

The total time of the connection in milliseconds, from when it is opened until it is closed.

type: long

aws.elb.tls_handshake_time.ms

The total time for the TLS handshake to complete in milliseconds once the connection has been established.

type: long

aws.elb.backend.ip

The IP address of the backend processing this connection.

type: keyword

aws.elb.backend.port

The port on the backend processing this connection.

type: keyword

aws.elb.backend.http.response.status_code

The status code from the backend (the status code sent to the client from ELB is stored in http.response.status_code).

type: keyword

aws.elb.ssl_cipher

The SSL cipher used in TLS/SSL connections.

type: keyword

aws.elb.ssl_protocol

The SSL protocol used in TLS/SSL connections.

type: keyword

aws.elb.chosen_cert.arn

The ARN of the chosen certificate presented to the client in TLS/SSL connections.

type: keyword

aws.elb.chosen_cert.serial

The serial number of the chosen certificate presented to the client in TLS/SSL connections.

type: keyword

aws.elb.incoming_tls_alert

The integer value of TLS alerts received by the load balancer from the client, if present.

type: keyword

aws.elb.tls_named_group

The TLS named group.

type: keyword

aws.elb.trace_id

The contents of the X-Amzn-Trace-Id header.

type: keyword

aws.elb.matched_rule_priority

The priority value of the rule that matched the request, if a rule matched.

type: keyword

aws.elb.action_executed

The action executed when processing the request (forward, fixed-response, authenticate…). It can contain several values.

type: keyword

aws.elb.redirect_url

The URL used if a redirection action was executed.

type: keyword

aws.elb.error.reason

The error reason if the executed action failed.

type: keyword

s3access

Fields for AWS S3 server access logs.

aws.s3access.bucket_owner

The canonical user ID of the owner of the source bucket.

type: keyword

aws.s3access.bucket

The name of the bucket that the request was processed against.

type: keyword

aws.s3access.remote_ip

The apparent internet address of the requester.

type: ip

aws.s3access.requester

The canonical user ID of the requester, or a - for unauthenticated requests.

type: keyword

aws.s3access.request_id

A string generated by Amazon S3 to uniquely identify each request.

type: keyword

aws.s3access.operation

The operation listed here is declared as SOAP.operation, REST.HTTP_method.resource_type, WEBSITE.HTTP_method.resource_type, or BATCH.DELETE.OBJECT.

type: keyword

aws.s3access.key

The "key" part of the request, URL encoded, or "-" if the operation does not take a key parameter.

type: keyword

aws.s3access.request_uri

The Request-URI part of the HTTP request message.

type: keyword

aws.s3access.http_status

The numeric HTTP status code of the response.

type: long

aws.s3access.error_code

The Amazon S3 Error Code, or "-" if no error occurred.

type: keyword

aws.s3access.bytes_sent

The number of response bytes sent, excluding HTTP protocol overhead, or "-" if zero.

type: long

aws.s3access.object_size

The total size of the object in question.

type: long

aws.s3access.total_time

The number of milliseconds the request was in flight from the server’s perspective.

type: long

aws.s3access.turn_around_time

The number of milliseconds that Amazon S3 spent processing your request.

type: long

aws.s3access.referrer

The value of the HTTP Referrer header, if present.

type: keyword

aws.s3access.user_agent

The value of the HTTP User-Agent header.

type: keyword

aws.s3access.version_id

The version ID in the request, or "-" if the operation does not take a versionId parameter.

type: keyword

aws.s3access.host_id

The x-amz-id-2 or Amazon S3 extended request ID.

type: keyword

aws.s3access.signature_version

The signature version, SigV2 or SigV4, that was used to authenticate the request, or a - for unauthenticated requests.

type: keyword

aws.s3access.cipher_suite

The Secure Sockets Layer (SSL) cipher that was negotiated for an HTTPS request, or a - for HTTP.

type: keyword

aws.s3access.authentication_type

The type of request authentication used: AuthHeader for authentication headers, QueryString for query string (pre-signed URL), or a - for unauthenticated requests.

type: keyword

aws.s3access.host_header

The endpoint used to connect to Amazon S3.

type: keyword

aws.s3access.tls_version

The Transport Layer Security (TLS) version negotiated by the client.

type: keyword