Contains common beat fields available in all event types.
The name of the Beat sending the log messages. If the Beat name is set in the configuration file, then that value is used. If it is not set, the hostname is used. To set the Beat name, use the name option in the configuration file.
The hostname as returned by the operating system on which the Beat is running.
The version of the beat that generated this event.
type: date
example: August 26th 2016, 12:35:53.332
format: date
required: True
The timestamp when the event log record was generated.
Arbitrary tags that can be set per Beat and per transaction type.
type: dict
Contains user configurable fields.
Metadata from cloud providers added by the add_cloud_metadata processor.
example: ec2
Name of the cloud provider. Possible values are ec2, gce, or digitalocean.
Instance ID of the host machine.
example: t2.medium
Machine type of the host machine.
example: us-east-1c
Availability zone in which this host is running.
example: project-x
Name of the project in Google Cloud.
Region in which this host is running.
Contains log file lines.
type: keyword
required: True
The file from which the line was read. This field contains the full path to the file. For example: /var/log/system.log.
type: long
required: False
The file offset the reported line starts at.
type: text
required: True
The content of the line read from the log file.
required: True
The name of the log event. This field is set to the value specified for the document_type option in the prospector section of the Filebeat config file.
required: True
The input type from which the event was generated. This field is set to the value specified for the input_type option in the prospector section of the Filebeat config file.