-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathfields.yml
313 lines (290 loc) · 7.83 KB
/
fields.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
- key: tuxbeat
title: tuxbeat
description:
fields:
- name: Print Service
type: group
fields:
- name: Service Name
type: keyword
- name: Service Type
type: keyword
- name: Routine Name
type: keyword
- name: Prog Name
type: keyword
- name: Queue Name
type: keyword
- name: Process ID
type: integer
- name: Machine ID
type: keyword
- name: Group ID
type: keyword
- name: Server ID
type: short
- name: Current Load
type: short
- name: Current Priority
type: short
- name: Current Trantime
type: short
- name: Current Blocktime
type: short
- name: Current BUFTYPECONV
type: short
- name: Requests Done
type: short
- name: Current status
type: keyword
- key: beat
title: Beat
description: >
Contains common beat fields available in all event types.
fields:
- name: beat.name
description: >
The name of the Beat sending the log messages. If the Beat name is
set in the configuration file, then that value is used. If it is not
set, the hostname is used. To set the Beat name, use the `name`
option in the configuration file.
- name: beat.hostname
description: >
The hostname as returned by the operating system on which the Beat is
running.
- name: beat.timezone
description: >
The timezone as returned by the operating system on which the Beat is
running.
- name: beat.version
description: >
The version of the beat that generated this event.
- name: "@timestamp"
type: date
required: true
format: date
example: August 26th 2016, 12:35:53.332
description: >
The timestamp when the event log record was generated.
- name: tags
description: >
Arbitrary tags that can be set per Beat and per transaction
type.
- name: fields
type: object
object_type: keyword
description: >
Contains user configurable fields.
- name: error
type: group
description: >
Error fields containing additional info in case of errors.
fields:
- name: message
type: text
description: >
Error message.
- name: code
type: long
description: >
Error code.
- name: type
type: keyword
description: >
Error type.
- key: alias
title: Alias
description: >
Alias fields for compatibility with 7.x.
fields:
# Common Beats fields
- name: host.hostname
type: alias
path: beat.hostname
- name: event.timezone
type: alias
path: beat.timezone
# Cloud processor fields
- name: cloud.provider
type: alias
path: meta.cloud.provider
- name: cloud.instance.id
type: alias
path: meta.cloud.instance_id
- name: cloud.instance.name
type: alias
path: meta.cloud.instance_name
- name: cloud.machine.type
type: alias
path: meta.cloud.machine_type
- name: cloud.availability_zone
type: alias
path: meta.cloud.availability_zone
- name: cloud.project.id
type: alias
path: meta.cloud.project_id
- name: cloud.region
type: alias
path: meta.cloud.region
# Docker processor fields
- name: container.id
type: alias
path: docker.container.id
- name: container.name
type: alias
path: docker.container.name
- name: container.image.name
type: alias
path: docker.container.image
- key: cloud
title: Cloud provider metadata
description: >
Metadata from cloud providers added by the add_cloud_metadata processor.
fields:
- name: meta.cloud.provider
example: ec2
description: >
Name of the cloud provider. Possible values are ec2, gce, or digitalocean.
- name: meta.cloud.instance_id
description: >
Instance ID of the host machine.
- name: meta.cloud.instance_name
description: >
Instance name of the host machine.
- name: meta.cloud.machine_type
example: t2.medium
description: >
Machine type of the host machine.
- name: meta.cloud.availability_zone
example: us-east-1c
description: >
Availability zone in which this host is running.
- name: meta.cloud.project_id
example: project-x
description: >
Name of the project in Google Cloud.
- name: meta.cloud.region
description: >
Region in which this host is running.
- key: docker
title: Docker
description: >
Docker stats collected from Docker.
short_config: false
anchor: docker-processor
fields:
- name: docker
type: group
fields:
- name: container.id
type: keyword
description: >
Unique container id.
- name: container.image
type: keyword
description: >
Name of the image the container was built on.
- name: container.name
type: keyword
description: >
Container name.
- name: container.labels
type: object
object_type: keyword
description: >
Image labels.
- key: host
title: Host
description: >
Info collected for the host machine.
anchor: host-processor
fields:
- name: host
type: group
fields:
- name: name
type: keyword
description: >
Hostname.
- name: id
type: keyword
description: >
Unique host id.
- name: architecture
type: keyword
description: >
Host architecture (e.g. x86_64, arm, ppc, mips).
- name: containerized
type: boolean
description: >
If the host is a container.
- name: os.platform
type: keyword
description: >
OS platform (e.g. centos, ubuntu, windows).
- name: os.name
type: keyword
description: >
Operating system name (e.g. "Mac OS X").
- name: os.build
type: keyword
description: >
OS build information (e.g. "18D109").
- name: os.version
type: keyword
description: >
OS version.
- name: os.family
type: keyword
description: >
OS family (e.g. redhat, debian, freebsd, windows).
- name: ip
type: ip
description: >
List of IP-addresses.
- name: mac
type: keyword
description: >
List of hardware-addresses, usually MAC-addresses.
- key: kubernetes
title: Kubernetes
description: >
Kubernetes metadata added by the kubernetes processor
short_config: false
anchor: kubernetes-processor
fields:
- name: kubernetes
type: group
fields:
- name: pod.name
type: keyword
description: >
Kubernetes pod name
- name: pod.uid
type: keyword
description: >
Kubernetes Pod UID
- name: namespace
type: keyword
description: >
Kubernetes namespace
- name: node.name
type: keyword
description: >
Kubernetes node name
- name: labels
type: object
description: >
Kubernetes labels map
- name: annotations
type: object
description: >
Kubernetes annotations map
- name: container.name
type: keyword
description: >
Kubernetes container name
- name: container.image
type: keyword
description: >
Kubernetes container image