youtubebeat/vendor/github.com/elastic/beats/heartbeat/docs/fields.asciidoc

932 lines
9.8 KiB
Text
Raw Normal View History

2018-11-18 11:08:38 +01:00
////
This file is generated! See _meta/fields.yml and scripts/generate_field_docs.py
////
[[exported-fields]]
= Exported fields
[partintro]
--
This document describes the fields that are exported by Heartbeat. They are
grouped in the following categories:
* <<exported-fields-beat>>
* <<exported-fields-cloud>>
* <<exported-fields-common>>
* <<exported-fields-docker-processor>>
* <<exported-fields-host-processor>>
* <<exported-fields-http>>
* <<exported-fields-icmp>>
* <<exported-fields-kubernetes-processor>>
* <<exported-fields-resolve>>
* <<exported-fields-socks5>>
* <<exported-fields-tcp>>
* <<exported-fields-tls>>
--
[[exported-fields-beat]]
== Beat fields
Contains common beat fields available in all event types.
*`beat.name`*::
+
--
The name of the Beat sending the log messages. If the Beat name is set in the configuration file, then that value is used. If it is not set, the hostname is used. To set the Beat name, use the `name` option in the configuration file.
--
*`beat.hostname`*::
+
--
The hostname as returned by the operating system on which the Beat is running.
--
*`beat.timezone`*::
+
--
The timezone as returned by the operating system on which the Beat is running.
--
*`beat.version`*::
+
--
The version of the beat that generated this event.
--
*`@timestamp`*::
+
--
type: date
example: August 26th 2016, 12:35:53.332
format: date
required: True
The timestamp when the event log record was generated.
--
*`tags`*::
+
--
Arbitrary tags that can be set per Beat and per transaction type.
--
*`fields`*::
+
--
type: object
Contains user configurable fields.
--
[float]
== error fields
Error fields containing additional info in case of errors.
*`error.message`*::
+
--
type: text
Error message.
--
*`error.code`*::
+
--
type: long
Error code.
--
*`error.type`*::
+
--
type: keyword
Error type.
--
[[exported-fields-cloud]]
== Cloud provider metadata fields
Metadata from cloud providers added by the add_cloud_metadata processor.
*`meta.cloud.provider`*::
+
--
example: ec2
Name of the cloud provider. Possible values are ec2, gce, or digitalocean.
--
*`meta.cloud.instance_id`*::
+
--
Instance ID of the host machine.
--
*`meta.cloud.instance_name`*::
+
--
Instance name of the host machine.
--
*`meta.cloud.machine_type`*::
+
--
example: t2.medium
Machine type of the host machine.
--
*`meta.cloud.availability_zone`*::
+
--
example: us-east-1c
Availability zone in which this host is running.
--
*`meta.cloud.project_id`*::
+
--
example: project-x
Name of the project in Google Cloud.
--
*`meta.cloud.region`*::
+
--
Region in which this host is running.
--
[[exported-fields-common]]
== Common heartbeat monitor fields
None
[float]
== monitor fields
Common monitor fields.
*`monitor.type`*::
+
--
type: keyword
The monitor type.
--
*`monitor.name`*::
+
--
type: keyword
The monitors configured name
--
*`monitor.id`*::
+
--
type: keyword
The monitors full job ID as used by heartbeat.
--
[float]
== duration fields
Total monitoring test duration
*`monitor.duration.us`*::
+
--
type: long
Duration in microseconds
--
*`monitor.scheme`*::
+
--
type: keyword
Address url scheme. For example `tcp`, `tls`, `http`, and `https`.
--
*`monitor.host`*::
+
--
type: keyword
Hostname of service being monitored. Can be missing, if service is monitored by IP.
--
*`monitor.ip`*::
+
--
type: ip
IP of service being monitored. If service is monitored by hostname, the `ip` field contains the resolved ip address for the current host.
--
*`monitor.status`*::
+
--
type: keyword
required: True
Indicator if monitor could validate the service to be available.
--
[[exported-fields-docker-processor]]
== Docker fields
Docker stats collected from Docker.
*`docker.container.id`*::
+
--
type: keyword
Unique container id.
--
*`docker.container.image`*::
+
--
type: keyword
Name of the image the container was built on.
--
*`docker.container.name`*::
+
--
type: keyword
Container name.
--
*`docker.container.labels`*::
+
--
type: object
Image labels.
--
[[exported-fields-host-processor]]
== Host fields
Info collected for the host machine.
*`host.name`*::
+
--
type: keyword
Hostname.
--
*`host.id`*::
+
--
type: keyword
Unique host id.
--
*`host.architecture`*::
+
--
type: keyword
Host architecture (e.g. x86_64, arm, ppc, mips).
--
*`host.os.platform`*::
+
--
type: keyword
OS platform (e.g. centos, ubuntu, windows).
--
*`host.os.version`*::
+
--
type: keyword
OS version.
--
*`host.os.family`*::
+
--
type: keyword
OS family (e.g. redhat, debian, freebsd, windows).
--
*`host.ip`*::
+
--
type: ip
List of IP-addresses.
--
*`host.mac`*::
+
--
type: keyword
List of hardware-addresses, usually MAC-addresses.
--
[[exported-fields-http]]
== HTTP monitor fields
None
[float]
== http fields
HTTP related fields.
*`http.url`*::
+
--
type: text
Service url used by monitor.
*`http.url.raw`*::
+
--
type: keyword
The service url used by monitor. This is a non-analyzed field that is useful for aggregations.
--
--
[float]
== response fields
Service response parameters.
*`http.response.status_code`*::
+
--
type: integer
Response status code.
--
[float]
== rtt fields
HTTP layer round trip times.
[float]
== validate fields
Duration between first byte of HTTP request being written and
response being processed by validator. Duration based on already
available network connection.
Note: if validator is not reading body or only a prefix, this
number does not fully represent the total time needed
to read the body.
*`http.rtt.validate.us`*::
+
--
type: long
Duration in microseconds
--
[float]
== validate_body fields
Duration of validator required to read and validate the response
body.
Note: if validator is not reading body or only a prefix, this
number does not fully represent the total time needed
to read the body.
*`http.rtt.validate_body.us`*::
+
--
type: long
Duration in microseconds
--
[float]
== write_request fields
Duration of sending the complete HTTP request. Duration based on already available network connection.
*`http.rtt.write_request.us`*::
+
--
type: long
Duration in microseconds
--
[float]
== response_header fields
Time required between sending the start of sending the HTTP request and first byte from HTTP response being read. Duration based on already available network connection.
*`http.rtt.response_header.us`*::
+
--
type: long
Duration in microseconds
--
*`http.rtt.content.us`*::
+
--
type: long
Time required to retrieved the content in micro seconds.
--
[float]
== total fields
Duration required to process the HTTP transaction. Starts with
the initial TCP connection attempt. Ends with after validator
did check the response.
Note: if validator is not reading body or only a prefix, this
number does not fully represent the total time needed.
*`http.rtt.total.us`*::
+
--
type: long
Duration in microseconds
--
[[exported-fields-icmp]]
== ICMP fields
None
[float]
== icmp fields
IP ping fields.
*`icmp.requests`*::
+
--
type: integer
Number if ICMP EchoRequests send.
--
[float]
== rtt fields
ICMP Echo Request and Reply round trip time
*`icmp.rtt.us`*::
+
--
type: long
Duration in microseconds
--
[[exported-fields-kubernetes-processor]]
== Kubernetes fields
Kubernetes metadata added by the kubernetes processor
*`kubernetes.pod.name`*::
+
--
type: keyword
Kubernetes pod name
--
*`kubernetes.pod.uid`*::
+
--
type: keyword
Kubernetes Pod UID
--
*`kubernetes.namespace`*::
+
--
type: keyword
Kubernetes namespace
--
*`kubernetes.node.name`*::
+
--
type: keyword
Kubernetes node name
--
*`kubernetes.labels`*::
+
--
type: object
Kubernetes labels map
--
*`kubernetes.annotations`*::
+
--
type: object
Kubernetes annotations map
--
*`kubernetes.container.name`*::
+
--
type: keyword
Kubernetes container name
--
*`kubernetes.container.image`*::
+
--
type: keyword
Kubernetes container image
--
[[exported-fields-resolve]]
== Host lookup fields
None
[float]
== resolve fields
Host lookup fields.
*`resolve.host`*::
+
--
type: keyword
Hostname of service being monitored.
--
*`resolve.ip`*::
+
--
type: ip
IP address found for the given host.
--
[float]
== rtt fields
Duration required to resolve an IP from hostname.
*`resolve.rtt.us`*::
+
--
type: long
Duration in microseconds
--
[[exported-fields-socks5]]
== SOCKS5 proxy fields
None
[float]
== socks5 fields
SOCKS5 proxy related fields:
[float]
== rtt fields
TLS layer round trip times.
[float]
== connect fields
Time required to establish a connection via SOCKS5 to endpoint based on available connection to SOCKS5 proxy.
*`socks5.rtt.connect.us`*::
+
--
type: long
Duration in microseconds
--
[[exported-fields-tcp]]
== TCP layer fields
None
[float]
== tcp fields
TCP network layer related fields.
*`tcp.port`*::
+
--
type: integer
Service port number.
--
[float]
== rtt fields
TCP layer round trip times.
[float]
== connect fields
Duration required to establish a TCP connection based on already available IP address.
*`tcp.rtt.connect.us`*::
+
--
type: long
Duration in microseconds
--
[float]
== validate fields
Duration of validation step based on existing TCP connection.
*`tcp.rtt.validate.us`*::
+
--
type: long
Duration in microseconds
--
[[exported-fields-tls]]
== TLS encryption layer fields
None
[float]
== tls fields
TLS layer related fields.
*`tls.certificate_not_valid_before`*::
+
--
type: date
Earliest time at which the connection's certificates are valid.
--
*`tls.certificate_not_valid_after`*::
+
--
type: date
Latest time at which the connection's certificates are valid.
--
[float]
== rtt fields
TLS layer round trip times.
[float]
== handshake fields
Time required to finish TLS handshake based on already available network connection.
*`tls.rtt.handshake.us`*::
+
--
type: long
Duration in microseconds
--