Common fields

These fields contain data about the environment in which the transaction or flow was captured.

server

The name of the server that served the transaction.

client_server

The name of the server that initiated the transaction.

service

The name of the logical service that served the transaction.

client_service

The name of the logical service that initiated the transaction.

ip

format: dotted notation.

The IP address of the server that served the transaction.

client_ip

format: dotted notation.

The IP address of the server that initiated the transaction.

real_ip

format: dotted notation.

If the server initiating the transaction is a proxy, this field contains the original client IP address. For HTTP, for example, this is the IP address extracted from a configurable HTTP header, by default X-Forwarded-For. Unless this field is disabled, it always has a value, and it matches the client_ip for non-proxy clients.
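
A defensive reading of client_ip and real_ip, as an added example that is not part of the original documentation: a forwarding header such as X-Forwarded-For is supplied by whoever sends the request, so real_ip is only meaningful when client_ip is one of your own proxies. The TRUSTED_PROXIES networks, the verdict names and the sample events are constructed assumptions.

```python
import ipaddress

# Assumption: networks of the reverse proxies you operate (constructed values).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]

def _parse(value):
    """Return an ip_address object, or None if value is not a single IP."""
    if not isinstance(value, str):
        return None
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None

def effective_client_ip(event):
    """Return (address to attribute the transaction to, verdict)."""
    client = _parse(event.get("client_ip"))
    if client is None:
        return None, "missing_client_ip"
    raw_real = event.get("real_ip")
    if raw_real in (None, ""):          # real_ip disabled in the capture config
        return str(client), "direct"
    real = _parse(raw_real)
    if real is None:                    # header carried something that is not an IP
        return str(client), "invalid_real_ip"
    if real == client:                  # documented behaviour for non-proxy clients
        return str(client), "direct"
    if any(client in net for net in TRUSTED_PROXIES):
        return str(real), "via_trusted_proxy"
    # The peer is not one of our proxies, so the header value is unverified.
    return str(client), "untrusted_forwarded_header"

# Constructed sample events carrying only the two fields of interest.
SAMPLE_EVENTS = [
    {"client_ip": "10.0.0.5", "real_ip": "203.0.113.7"},
    {"client_ip": "198.51.100.23", "real_ip": "198.51.100.23"},
    {"client_ip": "198.51.100.99", "real_ip": "127.0.0.1"},
    {"client_ip": "10.0.0.5", "real_ip": "unknown"},
]

def classify(events):
    """Apply effective_client_ip to every event, preserving order."""
    return [effective_client_ip(e) for e in events]

if __name__ == "__main__":
    for event, result in zip(SAMPLE_EVENTS, classify(SAMPLE_EVENTS)):
        print(event, "->", result)
```

Events with the verdict untrusted_forwarded_header are worth alerting on, since a peer outside your proxy tier sent a forwarding header of its own.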

client_geoip fields

The GeoIP information of the client.

client_geoip.location

type: geo_point

example: {lat: 51, lon: 9}

The GeoIP location of the client_ip address. This field is available only if you define a GeoIP Processor as a pipeline in the Ingest GeoIP processor plugin or using Logstash.

client_port

format: dotted notation.

The layer 4 port of the process that initiated the transaction.

transport

example: udp

The transport protocol used for the transaction. If not specified, then tcp is assumed.

type

required: True

The type of the transaction (for example, HTTP, MySQL, Redis, or RUM) or "flow" in case of flows.

port

format: dotted notation.

The layer 4 port of the process that served the transaction.

proc

The name of the process that served the transaction.

cmdline

The command-line of the process that served the transaction.

client_proc

The name of the process that initiated the transaction.

client_cmdline

The command-line of the process that initiated the transaction.

release

The software release of the service serving the transaction. This can be the commit id or a semantic version.