fields.asciidoc

Exported Fields

Beat Fields

Contains common beat fields available in all event types.

beat.name

The name of the Beat sending the log messages. If the Beat name is set in the configuration file, then that value is used. If it is not set, the hostname is used. To set the Beat name, use the name option in the configuration file.

beat.hostname

The hostname as returned by the operating system on which the Beat is running.

beat.version

The version of the beat that generated this event.

@timestamp

type: date

example: August 26th 2016, 12:35:53.332

format: date

required: True

The timestamp when the event log record was generated.

tags

Arbitrary tags that can be set per Beat and per transaction type.

fields

type: dict

Contains user configurable fields.

Cloud Provider Metadata Fields

Metadata from cloud providers added by the add_cloud_metadata processor.

meta.cloud.provider

example: ec2

Name of the cloud provider. Possible values are ec2, gce, or digitalocean.

meta.cloud.instance_id

Instance ID of the host machine.

meta.cloud.machine_type

example: t2.medium

Machine type of the host machine.

meta.cloud.availability_zone

example: us-east-1c

Availability zone in which this host is running.

meta.cloud.project_id

example: project-x

Name of the project in Google Cloud.

meta.cloud.region

Region in which this host is running.

execbeat Fields

Contains information about the command execution.

exec.command

type: keyword

The command executed by Execbeat.

exec.stdout

type: keyword

Standard output produced by the command executed by Execbeat.

exec.stderr

type: keyword

Standard error produced by the command executed by Execbeat.

exec.exitCode

type: keyword

Exit code of the command executed by Execbeat.