Log Fields | Elastic Common Schema (ECS) Reference [1.0]

IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.

› ›

« HTTP Fields Network Fields »

Log Fieldsedit

Fields which are specific to log events.

Log Field Detailsedit

Field Description Level

Field	Description	Level
log.level	Original log level of the log event. Some examples are `warn`, `error`, `i`. type: keyword example: `err`	core
log.original	This is the original log message and contains the full log message before splitting it up in multiple parts. In contrast to the `message` field which can contain an extracted part of the log message, this field contains the original, full log message. It can have already some modifications applied like encoding or new lines removed to clean up the log message. This field is not indexed and doc_values are disabled so it can’t be queried but the value can be retrieved from `_source`. type: keyword example: `Sep 19 08:26:10 localhost My log`	core

log.level

Original log level of the log event.

Some examples are warn, error, i.

type: keyword

example: err

core

log.original

This is the original log message and contains the full log message before splitting it up in multiple parts.

In contrast to the message field which can contain an extracted part of the log message, this field contains the original, full log message. It can have already some modifications applied like encoding or new lines removed to clean up the log message.

This field is not indexed and doc_values are disabled so it can’t be queried but the value can be retrieved from _source.

type: keyword

example: Sep 19 08:26:10 localhost My log

core

« HTTP Fields Network Fields »