WARNING: Version 6.1 of Filebeat has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Nginx fieldsedit
Module for parsing the Nginx log files.
nginx fieldsedit
Fields from the Nginx log files.
access fieldsedit
Contains fields for the Nginx access logs.
nginx.access.remote_ip_list
edit
type: array
An array of remote IP addresses. It is a list because it is common to include, besides the client IP address, IP addresses from headers like X-Forwarded-For
. See also the remote_ip
field.
nginx.access.remote_ip
edit
type: keyword
Client IP address. The first public IP address from the remote_ip_list
array. If no public IP addresses are present, this field contains the first private IP address from the remote_ip_list
array.
nginx.access.user_name
edit
type: keyword
The user name used when basic authentication is used.
nginx.access.method
edit
type: keyword
example: GET
The request HTTP method.
nginx.access.url
edit
type: keyword
The request HTTP URL.
nginx.access.http_version
edit
type: keyword
The HTTP version.
nginx.access.response_code
edit
type: long
The HTTP response code.
nginx.access.body_sent.bytes
edit
type: long
format: bytes
The number of bytes of the server response body.
nginx.access.referrer
edit
type: keyword
The HTTP referrer.
nginx.access.agent
edit
type: text
Contains the un-parsed user agent string. Only present if the user agent Elasticsearch plugin is not available or not used.
user_agent fieldsedit
Contains the parsed User agent field. Only present if the user agent Elasticsearch plugin is available and used.
nginx.access.user_agent.device
edit
type: keyword
The name of the physical device.
nginx.access.user_agent.major
edit
type: long
The major version of the user agent.
nginx.access.user_agent.minor
edit
type: long
The minor version of the user agent.
nginx.access.user_agent.patch
edit
type: keyword
The patch version of the user agent.
nginx.access.user_agent.name
edit
type: keyword
example: Chrome
The name of the user agent.
nginx.access.user_agent.os
edit
type: keyword
The name of the operating system.
nginx.access.user_agent.os_major
edit
type: long
The major version of the operating system.
nginx.access.user_agent.os_minor
edit
type: long
The minor version of the operating system.
nginx.access.user_agent.os_name
edit
type: keyword
The name of the operating system.
geoip fieldsedit
Contains GeoIP information gathered based on the remote_ip field. Only present if the GeoIP Elasticsearch plugin is available and used.
nginx.access.geoip.continent_name
edit
type: keyword
The name of the continent.
nginx.access.geoip.country_iso_code
edit
type: keyword
Country ISO code.
nginx.access.geoip.location
edit
type: geo_point
The longitude and latitude.
nginx.access.geoip.region_name
edit
type: keyword
The region name.
nginx.access.geoip.city_name
edit
type: keyword
The city name.
error fieldsedit
Contains fields for the Nginx error logs.
nginx.error.level
edit
type: keyword
Error level (e.g. error, critical).
nginx.error.pid
edit
type: long
Process identifier (PID).
nginx.error.tid
edit
type: long
Thread identifier.
nginx.error.connection_id
edit
type: long
Connection identifier.
nginx.error.message
edit
type: text
The error message