You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
| aws.dimensions.fingerprint | Autogenerated ID representing the fingerprint of the aws.dimensions object | keyword |
212
-
| aws.tags.\*| Tag key value pairs from aws resources. | object |
213
-
| cloud | Fields related to the cloud or infrastructure the events are coming from. | group |
214
-
| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword |
215
-
| cloud.account.name | The cloud account name or alias used to identify different entities in a multi-tenant environment. Examples: AWS account name, Google Cloud ORG display name. | keyword |
216
-
| cloud.availability_zone | Availability zone in which this host, resource, or service is located. | keyword |
217
-
| cloud.image.id | Image ID for the cloud instance. | keyword |
218
-
| cloud.instance.id | Instance ID of the host machine. | keyword |
219
-
| cloud.instance.name | Instance name of the host machine. | keyword |
220
-
| cloud.machine.type | Machine type of the host machine. | keyword |
221
-
| cloud.project.id | The cloud project identifier. Examples: Google Cloud Project id, Azure Project id. | keyword |
222
-
| cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword |
223
-
| cloud.region | Region in which this host, resource, or service is located. | keyword |
224
-
| container.id | Unique container id. | keyword |
225
-
| container.image.name | Name of the image the container was built on. | keyword |
226
-
| container.labels | Image labels. | object |
227
-
| container.name | Container name. | keyword |
228
-
| data_stream.dataset | Data stream dataset. | constant_keyword |
229
-
| data_stream.namespace | Data stream namespace. | constant_keyword |
230
-
| data_stream.type | Data stream type. | constant_keyword |
231
-
| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword |
232
-
| error | These fields can represent errors of any kind. Use them for errors that happen while fetching events or in cases where the event itself contains an error. | group |
| host.architecture | Operating system architecture. | keyword |
237
-
| host.containerized | If the host is a container. | boolean |
238
-
| host.domain | Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. | keyword |
239
-
| host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword |
240
-
| host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword |
241
-
| host.ip | Host ip addresses. | ip |
242
-
| host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword |
243
-
| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword |
244
-
| host.os.build | OS build information. | keyword |
245
-
| host.os.codename | OS codename, if any. | keyword |
246
-
| host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword |
247
-
| host.os.kernel | Operating system kernel version as a raw string. | keyword |
248
-
| host.os.name | Operating system name, without the version. | keyword |
249
-
| host.os.name.text | Multi-field of `host.os.name`. | match_only_text |
| host.os.version | Operating system version as a raw string. | keyword |
252
-
| host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword |
253
-
| service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword |
204
+
| Field | Description | Type | Metric Type |
205
+
|---|---|---|---|
206
+
|@timestamp| Event timestamp. | date ||
207
+
| agent.id | Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id. | keyword ||
208
+
| aws.\*.metrics.\*.\*| Metrics that returned from Cloudwatch API query. |double | gauge|
209
+
| aws.cloudwatch.namespace | The namespace specified when query cloudwatch api. | keyword ||
| aws.dimensions.fingerprint | Autogenerated ID representing the fingerprint of the aws.dimensions object | keyword ||
212
+
| aws.tags.\*| Tag key value pairs from aws resources. | object ||
213
+
| cloud | Fields related to the cloud or infrastructure the events are coming from. | group ||
214
+
| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword ||
215
+
| cloud.account.name | The cloud account name or alias used to identify different entities in a multi-tenant environment. Examples: AWS account name, Google Cloud ORG display name. | keyword ||
216
+
| cloud.availability_zone | Availability zone in which this host, resource, or service is located. | keyword ||
217
+
| cloud.image.id | Image ID for the cloud instance. | keyword ||
218
+
| cloud.instance.id | Instance ID of the host machine. | keyword ||
219
+
| cloud.instance.name | Instance name of the host machine. | keyword ||
220
+
| cloud.machine.type | Machine type of the host machine. | keyword ||
221
+
| cloud.project.id | The cloud project identifier. Examples: Google Cloud Project id, Azure Project id. | keyword ||
222
+
| cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword ||
223
+
| cloud.region | Region in which this host, resource, or service is located. | keyword ||
| container.image.name | Name of the image the container was built on. | keyword ||
226
+
| container.labels | Image labels. | object ||
227
+
| container.name | Container name. | keyword ||
228
+
| data_stream.dataset | Data stream dataset. | constant_keyword ||
229
+
| data_stream.namespace | Data stream namespace. | constant_keyword ||
230
+
| data_stream.type | Data stream type. | constant_keyword ||
231
+
| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword ||
232
+
| error | These fields can represent errors of any kind. Use them for errors that happen while fetching events or in cases where the event itself contains an error. | group ||
| host.architecture | Operating system architecture. | keyword ||
237
+
| host.containerized | If the host is a container. | boolean ||
238
+
| host.domain | Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. | keyword ||
239
+
| host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword ||
240
+
| host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword ||
241
+
| host.ip | Host ip addresses. | ip ||
242
+
| host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword ||
243
+
| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword ||
244
+
| host.os.build | OS build information. | keyword ||
245
+
| host.os.codename | OS codename, if any. | keyword ||
246
+
| host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword ||
247
+
| host.os.kernel | Operating system kernel version as a raw string. | keyword ||
248
+
| host.os.name | Operating system name, without the version. | keyword ||
249
+
| host.os.name.text | Multi-field of `host.os.name`. | match_only_text ||
| host.os.version | Operating system version as a raw string. | keyword ||
252
+
| host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword ||
253
+
| service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword ||
0 commit comments