elasticsearch fields

elasticsearch Module

elasticsearch fields

elasticsearch.component

type: keyword

example: o.e.c.m.MetaDataCreateIndexService

Elasticsearch component from where the log event originated

elasticsearch.cluster.uuid

type: keyword

example: GmvrbHlNTiSVYiPf8kxg9g

UUID of the cluster

elasticsearch.cluster.name

type: keyword

example: docker-cluster

Name of the cluster

elasticsearch.node.id

type: keyword

example: DSiWcTyeThWtUXLB9J0BMw

ID of the node

elasticsearch.node.name

type: keyword

example: vWNJsZ3

Name of the node

elasticsearch.index.name

type: keyword

example: filebeat-test-input

Index name

elasticsearch.index.id

type: keyword

example: aOGgDwbURfCV57AScqbCgw

Index id

elasticsearch.shard.id

type: keyword

example: 0

Id of the shard

audit fields

elasticsearch.audit.layer

type: keyword

example: rest

The layer from which this event originated: rest, transport or ip_filter

elasticsearch.audit.event_type

type: keyword

example: access_granted

The type of event that occurred: anonymous_access_denied, authentication_failed, access_denied, access_granted, connection_granted, connection_denied, tampered_request, run_as_granted, run_as_denied

elasticsearch.audit.origin.type

type: keyword

example: local_node

Where the request originated: rest (request originated from a REST API request), transport (request was received on the transport channel), local_node (the local node issued the request)

elasticsearch.audit.realm

type: keyword

The authentication realm the authentication was validated against

elasticsearch.audit.user.realm

type: keyword

The user’s authentication realm, if authenticated

elasticsearch.audit.user.roles

type: keyword

example: [kibana_user, beats_admin]

Roles to which the principal belongs

elasticsearch.audit.action

type: keyword

example: cluster:monitor/main

The name of the action that was executed

elasticsearch.audit.url.params

example: jacknich2

REST URI parameters

elasticsearch.audit.indices

type: keyword

example: [foo-2019.01.04, foo-2019.01.03, foo-2019.01.06]

Indices accessed by action

elasticsearch.audit.request.id

type: keyword

example: WzL_kb6VSvOhAq0twPvHOQ

Unique ID of request

elasticsearch.audit.request.name

type: keyword

example: ClearScrollRequest

The type of request that was executed

elasticsearch.audit.request_body

type: alias

alias to: http.request.body.content

elasticsearch.audit.origin_address

type: alias

alias to: source.ip

elasticsearch.audit.uri

type: alias

alias to: url.original

elasticsearch.audit.principal

type: alias

alias to: user.name

deprecation fields

gc fields

GC fileset fields.

phase fields

Fields specific to GC phase.

elasticsearch.gc.phase.name

type: keyword

Name of the GC collection phase.

elasticsearch.gc.phase.duration_sec

type: float

Collection phase duration according to the Java virtual machine.

elasticsearch.gc.phase.scrub_symbol_table_time_sec

type: float

Pause time in seconds cleaning up symbol tables.

elasticsearch.gc.phase.scrub_string_table_time_sec

type: float

Pause time in seconds cleaning up string tables.

elasticsearch.gc.phase.weak_refs_processing_time_sec

type: float

Time spent processing weak references in seconds.

elasticsearch.gc.phase.parallel_rescan_time_sec

type: float

Time spent, in seconds, marking live objects while the application is stopped.

elasticsearch.gc.phase.class_unload_time_sec

type: float

Time spent unloading unused classes in seconds.

cpu_time fields

Process CPU time spent performing collections.

elasticsearch.gc.phase.cpu_time.user_sec

type: float

CPU time spent outside the kernel.

elasticsearch.gc.phase.cpu_time.sys_sec

type: float

CPU time spent inside the kernel.

elasticsearch.gc.phase.cpu_time.real_sec

type: float

Total elapsed CPU time spent to complete the collection from start to finish.

elasticsearch.gc.jvm_runtime_sec

type: float

The time from JVM start up in seconds, as a floating point number.

elasticsearch.gc.threads_total_stop_time_sec

type: float

Garbage collection threads total stop time, in seconds.

elasticsearch.gc.stopping_threads_time_sec

type: float

Time it took to stop threads, in seconds.

elasticsearch.gc.tags

type: keyword

GC logging tags.

heap fields

Heap allocation and total size.

elasticsearch.gc.heap.size_kb

type: integer

Total heap size in kilobytes.

elasticsearch.gc.heap.used_kb

type: integer

Used heap in kilobytes.

old_gen fields

Old generation occupancy and total size.

elasticsearch.gc.old_gen.size_kb

type: integer

Total size of old generation in kilobytes.

elasticsearch.gc.old_gen.used_kb

type: integer

Old generation occupancy in kilobytes.

young_gen fields

Young generation occupancy and total size.

elasticsearch.gc.young_gen.size_kb

type: integer

Total size of young generation in kilobytes.

elasticsearch.gc.young_gen.used_kb

type: integer

Young generation occupancy in kilobytes.

server fields

Server log file

elasticsearch.server.stacktrace

Field is not indexed.

gc fields

GC log

young fields

Young GC

elasticsearch.server.gc.young.one

type: long

example:

elasticsearch.server.gc.young.two

type: long

example:

elasticsearch.server.gc.overhead_seq

type: long

example: 3449992

Sequence number

elasticsearch.server.gc.collection_duration.ms

type: float

example: 1600

Time spent in GC, in milliseconds

elasticsearch.server.gc.observation_duration.ms

type: float

example: 1800

Total time over which collection was observed, in milliseconds

slowlog fields

Slowlog events from Elasticsearch

elasticsearch.slowlog.logger

type: keyword

example: index.search.slowlog.fetch

Logger name

elasticsearch.slowlog.took

type: keyword

example: 300ms

Time it took to execute the query

elasticsearch.slowlog.types

type: keyword

example:

Types

elasticsearch.slowlog.stats

type: keyword

example: group1

Stats groups

elasticsearch.slowlog.search_type

type: keyword

example: QUERY_THEN_FETCH

Search type

elasticsearch.slowlog.source_query

type: keyword

example: {"query":{"match_all":{"boost":1.0}}}

Slow query

elasticsearch.slowlog.extra_source

type: keyword

example:

Extra source information

elasticsearch.slowlog.total_hits

type: keyword

example: 42

Total hits

elasticsearch.slowlog.total_shards

type: keyword

example: 22

Total queried shards

elasticsearch.slowlog.routing

type: keyword

example: s01HZ2QBk9jw4gtgaFtn

Routing

elasticsearch.slowlog.id

type: keyword

example:

Id

elasticsearch.slowlog.type

type: keyword

example: doc

Type