IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
« Exported fields Auditd fields »
Elastic Docs Filebeat Reference [6.5] Exported fields

Apache2 fields

edit

Apache2 fields

edit

Apache2 Module

apache2 fields

edit

Apache2 fields.

access fields

edit

Contains fields for the Apache2 HTTPD access logs.

apache2.access.remote_ip

type: keyword

Client IP address.

apache2.access.user_name

type: keyword

The user name used when basic authentication is used.

apache2.access.method

type: keyword

example: GET

The request HTTP method.

apache2.access.url

type: keyword

The request HTTP URL.

apache2.access.http_version

type: keyword

The HTTP version.

apache2.access.response_code

type: long

The HTTP response code.

apache2.access.body_sent.bytes

type: long

format: bytes

The number of bytes of the server response body.

apache2.access.referrer

type: keyword

The HTTP referrer.

apache2.access.agent

type: text

Contains the un-parsed user agent string. Only present if the user agent Elasticsearch plugin is not available or not used.

user_agent fields

edit

Contains the parsed User agent field. Only present if the user agent Elasticsearch plugin is available and used.

apache2.access.user_agent.device

type: keyword

The name of the physical device.

apache2.access.user_agent.major

type: long

The major version of the user agent.

apache2.access.user_agent.minor

type: long

The minor version of the user agent.

apache2.access.user_agent.patch

type: keyword

The patch version of the user agent.

apache2.access.user_agent.name

type: keyword

example: Chrome

The name of the user agent.

apache2.access.user_agent.os

type: keyword

The name of the operating system.

apache2.access.user_agent.os_major

type: long

The major version of the operating system.

apache2.access.user_agent.os_minor

type: long

The minor version of the operating system.

apache2.access.user_agent.os_name

type: keyword

The name of the operating system.

apache2.access.user_agent.original

type: text

Original user agent value before parsing by ingest-user-agent plugin.

Field is not indexed.

geoip fields

edit

Contains GeoIP information gathered based on the remote_ip field. Only present if the GeoIP Elasticsearch plugin is available and used.

apache2.access.geoip.continent_name

type: keyword

The name of the continent.

apache2.access.geoip.country_iso_code

type: keyword

Country ISO code.

apache2.access.geoip.location

type: geo_point

The longitude and latitude.

apache2.access.geoip.region_name

type: keyword

The region name.

apache2.access.geoip.city_name

type: keyword

The city name.

apache2.access.geoip.region_iso_code

type: keyword

Region ISO code.

error fields

edit

Fields from the Apache error logs.

apache2.error.level

type: keyword

The severity level of the message.

apache2.error.client

type: keyword

The IP address of the client that generated the error.

apache2.error.message

type: text

The logged message.

apache2.error.pid

type: long

The process ID.

apache2.error.tid

type: long

The thread ID.

apache2.error.module

type: keyword

The module producing the logged message.

« Exported fields Auditd fields »