Module for handling logs from AWS.
Fields from AWS logs.
Fields for AWS ELB logs.
The name of the load balancer.
The type of the load balancer for v2 Load Balancers.
The ARN of the target group handling the request.
The ELB listener that received the connection.
The protocol of the load balancer (http or tcp).
The total time in seconds since the connection or request is received until it is sent to a registered backend.
The total time in seconds since the connection is sent to the backend till the backend starts responding.
The total time in seconds since the response is received from the backend till it is sent to the client.
The total time of the connection in milliseconds, since it is opened till it is closed.
The total time for the TLS handshake to complete in milliseconds once the connection has been established.
The IP address of the backend processing this connection.
The port in the backend processing this connection.
The status code from the backend (status code sent to the client from ELB is stored in
The SSL cipher used in TLS/SSL connections.
The SSL protocol used in TLS/SSL connections.
The ARN of the chosen certificate presented to the client in TLS/SSL connections.
The serial number of the chosen certificate presented to the client in TLS/SSL connections.
The integer value of TLS alerts received by the load balancer from the client, if present.
The TLS named group.
The contents of the
The priority value of the rule that matched the request, if a rule matched.
The action executed when processing the request (forward, fixed-response, authenticate…). It can contain several values.
The URL used if a redirection action was executed.
The error reason if the executed action failed.
Fields for AWS S3 server access logs.
The canonical user ID of the owner of the source bucket.
The name of the bucket that the request was processed against.
The apparent internet address of the requester.
The canonical user ID of the requester, or a - for unauthenticated requests.
A string generated by Amazon S3 to uniquely identify each request.
The operation listed here is declared as SOAP.operation, REST.HTTP_method.resource_type, WEBSITE.HTTP_method.resource_type, or BATCH.DELETE.OBJECT.
The "key" part of the request, URL encoded, or "-" if the operation does not take a key parameter.
The Request-URI part of the HTTP request message.
The numeric HTTP status code of the response.
The Amazon S3 Error Code, or "-" if no error occurred.
The number of response bytes sent, excluding HTTP protocol overhead, or "-" if zero.
The total size of the object in question.
The number of milliseconds the request was in flight from the server’s perspective.
The number of milliseconds that Amazon S3 spent processing your request.
The value of the HTTP Referrer header, if present.
The value of the HTTP User-Agent header.
The version ID in the request, or "-" if the operation does not take a versionId parameter.
The x-amz-id-2 or Amazon S3 extended request ID.
The signature version, SigV2 or SigV4, that was used to authenticate the request or a - for unauthenticated requests.
The Secure Sockets Layer (SSL) cipher that was negotiated for HTTPS request or a - for HTTP.
The type of request authentication used, AuthHeader for authentication headers, QueryString for query string (pre-signed URL) or a - for unauthenticated requests.
The endpoint used to connect to Amazon S3.
The Transport Layer Security (TLS) version negotiated by the client.