WARNING: Version 5.2 of Packetbeat has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Common Fieldsedit
These fields contain data about the environment in which the transaction or flow was captured.
serveredit
The name of the server that served the transaction.
client_serveredit
The name of the server that initiated the transaction.
serviceedit
The name of the logical service that served the transaction.
client_serviceedit
The name of the logical service that initiated the transaction.
ipedit
format: dotted notation.
The IP address of the server that served the transaction.
client_ipedit
format: dotted notation.
The IP address of the server that initiated the transaction.
real_ipedit
format: Dotted notation.
If the server initiating the transaction is a proxy, this field contains the original client IP address. For HTTP, for example, the IP address extracted from a configurable HTTP header, by default X-Forwarded-For
.
Unless this field is disabled, it always has a value, and it matches the client_ip
for non proxy clients.
client_locationedit
type: geo_point
example: 40.715, -74.011
DEPRECATED. Please use client_geoip
instead. The GeoIP location of the real_ip
IP address or of the client_ip
address if the real_ip
is disabled. The field is a string containing the latitude and longitude separated by a comma.
client_geoip Fieldsedit
The GeoIP information of the client.
client_geoip.locationedit
type: geo_point
example: {lat: 51, lon: 9}
The GeoIP location of the client_ip
address. This field is available only if you define a GeoIP Processor as a pipeline in the Ingest GeoIP processor plugin or using Logstash.
client_portedit
format: dotted notation.
The layer 4 port of the process that initiated the transaction.
transportedit
example: udp
The transport protocol used for the transaction. If not specified, then tcp is assumed.
typeedit
required: True
The type of the transaction (for example, HTTP, MySQL, Redis, or RUM) or "flow" in case of flows.
portedit
format: dotted notation.
The layer 4 port of the process that served the transaction.
procedit
The name of the process that served the transaction.
client_procedit
The name of the process that initiated the transaction.
releaseedit
The software release of the service serving the transaction. This can be the commit id or a semantic version.