- Filebeat Reference: other versions:
- Overview
- Getting Started With Filebeat
- Step 1: Install Filebeat
- Step 2: Configure Filebeat
- Step 3: Configure Filebeat to use Logstash
- Step 4: Load the index template in Elasticsearch
- Step 5: Set up the Kibana dashboards
- Step 6: Start Filebeat
- Step 7: View the sample Kibana dashboards
- Quick start: modules for common log formats
- Repositories for APT and YUM
- Setting up and running Filebeat
- Upgrading Filebeat
- How Filebeat works
- Configuring Filebeat
- Specify which modules to run
- Configure inputs
- Manage multiline messages
- Specify general settings
- Load external configuration files
- Configure the internal queue
- Configure the output
- Load balance the output hosts
- Specify SSL settings
- Filter and enhance the exported data
- Parse data by using ingest node
- Set up project paths
- Set up the Kibana endpoint
- Load the Kibana dashboards
- Load the Elasticsearch index template
- Configure logging
- Use environment variables in the configuration
- Autodiscover
- YAML tips and gotchas
- Regular expression support
- HTTP Endpoint
- filebeat.reference.yml
- Modules
- Exported fields
- Apache2 fields
- Auditd fields
- Beat fields
- Cloud provider metadata fields
- Docker fields
- elasticsearch fields
- Host fields
- Icinga fields
- IIS fields
- Kafka fields
- kibana fields
- Kubernetes fields
- Log file content fields
- logstash fields
- mongodb fields
- MySQL fields
- Nginx fields
- Osquery fields
- PostgreSQL fields
- Redis fields
- System fields
- Traefik fields
- Monitoring Filebeat
- Securing Filebeat
- Troubleshooting
- Migrating from Logstash Forwarder to Filebeat
- Contributing to Beats
Traefik fields
editTraefik fields
editModule for parsing the Traefik log files.
traefik fields
editFields from the Traefik log files.
access fields
editContains fields for the Traefik access logs.
-
traefik.access.remote_ip -
type: keyword
Client IP address.
-
traefik.access.user_name -
type: keyword
The user name used when basic authentication is used.
-
traefik.access.method -
type: keyword
example: GET
The request HTTP method.
-
traefik.access.url -
type: keyword
The request HTTP URL.
-
traefik.access.http_version -
type: keyword
The HTTP version.
-
traefik.access.response_code -
type: long
The HTTP response code.
-
traefik.access.body_sent.bytes -
type: long
format: bytes
The number of bytes of the server response body.
-
traefik.access.referrer -
type: keyword
The HTTP referrer.
-
traefik.access.agent -
type: text
Contains the un-parsed user agent string. Only present if the user agent Elasticsearch plugin is not available or not used.
user_agent fields
editContains the parsed User agent field. Only present if the user agent Elasticsearch plugin is available and used.
-
traefik.access.user_agent.device -
type: keyword
The name of the physical device.
-
traefik.access.user_agent.major -
type: long
The major version of the user agent.
-
traefik.access.user_agent.minor -
type: long
The minor version of the user agent.
-
traefik.access.user_agent.patch -
type: keyword
The patch version of the user agent.
-
traefik.access.user_agent.name -
type: keyword
example: Chrome
The name of the user agent.
-
traefik.access.user_agent.os -
type: keyword
The name of the operating system.
-
traefik.access.user_agent.os_major -
type: long
The major version of the operating system.
-
traefik.access.user_agent.os_minor -
type: long
The minor version of the operating system.
-
traefik.access.user_agent.os_name -
type: keyword
The name of the operating system.
geoip fields
editContains GeoIP information gathered based on the remote_ip field. Only present if the GeoIP Elasticsearch plugin is available and used.
-
traefik.access.geoip.continent_name -
type: keyword
The name of the continent.
-
traefik.access.geoip.country_iso_code -
type: keyword
Country ISO code.
-
traefik.access.geoip.location -
type: geo_point
The longitude and latitude.
-
traefik.access.geoip.region_name -
type: keyword
The region name.
-
traefik.access.geoip.city_name -
type: keyword
The city name.
-
traefik.access.geoip.region_iso_code -
type: keyword
Region ISO code.
-
traefik.access.request_count -
type: long
The number of requests
-
traefik.access.frontend_name -
type: text
The name of the frontend used
-
traefik.access.backend_url -
type: text
The url of the backend where request is forwarded