gaugendre/youtubebeat
1
0
Fork 0
Code Issues Pull requests Releases Activity
youtubebeat/vendor/github.com/elastic/beats/packetbeat/_meta/fields.common.yml

445 lines
14 KiB
YAML
Raw Normal View History

Add generated youtubebeat files
2018-11-18 11:08:38 +01:00
- key: common
title: Common
description: >
These fields contain data about the environment in which the
transaction or flow was captured.
fields:
- name: server
description: >
The name of the server that served the transaction.
- name: client_server
description: >
The name of the server that initiated the transaction.
- name: service
description: >
The name of the logical service that served the transaction.
- name: client_service
description: >
The name of the logical service that initiated the transaction.
- name: ip
description: >
The IP address of the server that served the transaction.
format: dotted notation.
- name: client_ip
description: >
The IP address of the server that initiated the transaction.
format: dotted notation.
- name: real_ip
description: >
If the server initiating the transaction is a proxy, this field
contains the original client IP address.
For HTTP, for example, the IP address extracted from a configurable
HTTP header, by default `X-Forwarded-For`.
Unless this field is disabled, it always has a value, and it matches
the `client_ip` for non proxy clients.
format: Dotted notation.
- name: client_geoip
description: The GeoIP information of the client.
type: group
fields:
- name: location
type: geo_point
example: {lat: 51, lon: 9}
description: >
The GeoIP location of the `client_ip` address. This field is available
only if you define a
https://www.elastic.co/guide/en/elasticsearch/plugins/master/using-ingest-geoip.html[GeoIP Processor] as a pipeline in the
https://www.elastic.co/guide/en/elasticsearch/plugins/master/ingest-geoip.html[Ingest GeoIP processor plugin] or using Logstash.
- name: client_port
description: >
The layer 4 port of the process that initiated the transaction.
format: dotted notation.
- name: transport
description: >
The transport protocol used for the transaction. If not specified, then
tcp is assumed.
example: udp
- name: type
description: >
The type of the transaction (for example, HTTP, MySQL, Redis, or RUM) or "flow" in case of flows.
required: true
- name: port
description: >
The layer 4 port of the process that served the transaction.
format: dotted notation.
- name: proc
description: >
The name of the process that served the transaction.
- name: cmdline
description: >
The command-line of the process that served the transaction.
- name: client_proc
description: >
The name of the process that initiated the transaction.
- name: client_cmdline
description: >
The command-line of the process that initiated the transaction.
- name: release
description: >
The software release of the service serving the transaction.
This can be the commit id or a semantic version.
- key: flows_event
title: "Flow Event"
description: >
These fields contain data about the flow itself.
fields:
- name: "start_time"
type: date
required: true
format: YYYY-MM-DDTHH:MM:SS.milliZ
example: 2015-01-24T14:06:05.071Z
description: >
The time, the first packet for the flow has been seen.
- name: "last_time"
type: date
required: true
format: YYYY-MM-DDTHH:MM:SS.milliZ
example: 2015-01-24T14:06:05.071Z
description: >
The time, the most recent processed packet for the flow has been seen.
- name: final
description: >
Indicates if event is last event in flow. If final is false, the event
reports an intermediate flow state only.
- name: flow_id
description: >
Internal flow id based on connection meta data and address.
- name: vlan
description: >
Innermost VLAN address used in network packets.
- name: outer_vlan
description: >
Second innermost VLAN address used in network packets.
- name: source
type: group
description: >
Properties of the source host
fields:
- name: mac
description: >
Source MAC address as indicated by first packet seen for the current flow.
- name: ip
description: >
Innermost IPv4 source address as indicated by first packet seen for the
current flow.
- name: ip_location
type: geo_point
example: "40.715, -74.011"
description: >
The GeoIP location of the `ip_source` IP address. The field is a string
containing the latitude and longitude separated by a comma.
- name: outer_ip
description: >
Second innermost IPv4 source address as indicated by first packet seen
for the current flow.
- name: outer_ip_location
type: geo_point
example: "40.715, -74.011"
description: >
The GeoIP location of the `outer_ip_source` IP address. The field is a
string containing the latitude and longitude separated by a comma.
- name: ipv6
description: >
Innermost IPv6 source address as indicated by first packet seen for the
current flow.
- name: ipv6_location
type: geo_point
example: "60.715, -76.011"
description: >
The GeoIP location of the `ipv6_source` IP address. The field is a string
containing the latitude and longitude separated by a comma.
- name: outer_ipv6
description: >
Second innermost IPv6 source address as indicated by first packet seen
for the current flow.
- name: outer_ipv6_location
type: geo_point
example: "60.715, -76.011"
description: >
The GeoIP location of the `outer_ipv6_source` IP address. The field is a
string containing the latitude and longitude separated by a comma.
- name: port
description: >
Source port number as indicated by first packet seen for the current flow.
- name: stats
type: group
description: >
Object with source to destination flow measurements.
fields:
- name: net_packets_total
type: long
description: >
Total number of packets
- name: net_bytes_total
type: long
description: >
Total number of bytes
- name: dest
type: group
description: >
Properties of the destination host
fields:
- name: mac
description: >
Destination MAC address as indicated by first packet seen for the current flow.
- name: ip
description: >
Innermost IPv4 destination address as indicated by first packet seen for the
current flow.
- name: ip_location
type: geo_point
example: "40.715, -74.011"
description: >
The GeoIP location of the `ip_dest` IP address. The field is a string
containing the latitude and longitude separated by a comma.
- name: outer_ip
description: >
Second innermost IPv4 destination address as indicated by first packet
seen for the current flow.
- name: outer_ip_location
type: geo_point
example: "40.715, -74.011"
description: >
The GeoIP location of the `outer_ip_dest` IP address. The field is a
string containing the latitude and longitude separated by a comma.
- name: ipv6
description: >
Innermost IPv6 destination address as indicated by first packet seen for the
current flow.
- name: ipv6_location
type: geo_point
example: "60.715, -76.011"
description: >
The GeoIP location of the `ipv6_dest` IP address. The field is a string
containing the latitude and longitude separated by a comma.
- name: outer_ipv6
description: >
Second innermost IPv6 destination address as indicated by first packet
seen for the current flow.
- name: outer_ipv6_location
type: geo_point
example: "60.715, -76.011"
description: >
The GeoIP location of the `outer_ipv6_dest` IP address. The field is a
string containing the latitude and longitude separated by a comma.
- name: port
description: >
Destination port number as indicated by first packet seen for the current flow.
- name: stats
type: group
description: >
Object with destination to source flow measurements.
fields:
- name: net_packets_total
type: long
description: >
Total number of packets
- name: net_bytes_total
type: long
description: >
Total number of bytes
- name: icmp_id
description: >
ICMP id used in ICMP based flow.
- name: connection_id
description: >
optional TCP connection id
- key: trans_event
title: "Transaction Event"
description: >
These fields contain data about the transaction itself.
fields:
- name: direction
required: true
description: >
Indicates whether the transaction is inbound (emitted by server)
or outbound (emitted by the client). Values can be in or out. No defaults.
possible_values:
- in
- out
- name: status
description: >
The high level status of the transaction. The way to compute this
value depends on the protocol, but the result has a meaning
independent of the protocol.
required: true
possible_values:
- OK
- Error
- Server Error
- Client Error
- name: method
description: >
The command/verb/method of the transaction. For HTTP, this is the
method name (GET, POST, PUT, and so on), for SQL this is the verb (SELECT,
UPDATE, DELETE, and so on).
- name: resource
description: >
The logical resource that this transaction refers to. For HTTP, this is
the URL path up to the last slash (/). For example, if the URL is `/users/1`,
the resource is `/users`. For databases, the resource is typically the
table name. The field is not filled for all transaction types.
- name: path
required: true
description: >
The path the transaction refers to. For HTTP, this is the URL.
For SQL databases, this is the table name. For key-value stores, this
is the key.
- name: query
type: keyword
description: >
The query in a human readable format. For HTTP, it will typically be
something like `GET /users/_search?name=test`. For MySQL, it is
something like `SELECT id from users where name=test`.
- name: params
type: text
description: >
The request parameters. For HTTP, these are the POST or GET parameters.
For Thrift-RPC, these are the parameters from the request.
- name: notes
description: >
Messages from Packetbeat itself. This field usually contains error messages for
interpreting the raw data. This information can be helpful for troubleshooting.
- key: raw
title: Raw
description: These fields contain the raw transaction data.
fields:
- name: request
type: text
description: >
For text protocols, this is the request as seen on the wire
(application layer only). For binary protocols this is our
representation of the request.
- name: response
type: text
description: >
For text protocols, this is the response as seen on the wire
(application layer only). For binary protocols this is our
representation of the request.
- key: trans_measurements
title: "Measurements (Transactions)"
description: >
These fields contain measurements related to the transaction.
fields:
- name: responsetime
description: >
The wall clock time it took to complete the transaction.
The precision is in milliseconds.
type: long
- name: cpu_time
description: The CPU time it took to complete the transaction.
type: long
- name: bytes_in
description: >
The number of bytes of the request. Note that this size is
the application layer message length, without the length of the IP or
TCP headers.
type: long
format: bytes
- name: bytes_out
description: >
The number of bytes of the response. Note that this size is
the application layer message length, without the length of the IP or
TCP headers.
type: long
format: bytes
- name: dnstime
type: long
description: >
The time it takes to query the name server for a given request.
This is typically used for RUM (real-user-monitoring) but can
also have values for server-to-server communication when DNS
is used for service discovery.
The precision is in microseconds.
- name: connecttime
type: long
description: >
The time it takes for the TCP connection to be established for
the given transaction.
The precision is in microseconds.
- name: loadtime
type: long
description: >
The time it takes for the content to be loaded. This is typically
used for RUM (real-user-monitoring) but it can make sense in other
cases as well.
The precision is in microseconds.
- name: domloadtime
type: long
description: >
In RUM (real-user-monitoring), the total time it takes for the
DOM to be loaded. In terms of the W3 Navigation Timing API, this is
the difference between `domContentLoadedEnd` and
`domContentLoadedStart`.
Reference in a new issue Copy permalink