MongoDb fields
MongoDB-specific event fields. These fields mirror closely the fields for the MongoDB wire protocol. The higher level fields (for example, query and resource) apply to MongoDB events as well.
- mongodb.error
  If the MongoDB request has resulted in an error, this field contains the error message returned by the server.
- mongodb.fullCollectionName
  The full collection name. The full collection name is the concatenation of the database name with the collection name, using a dot (.) for the concatenation. For example, for the database foo and the collection bar, the full collection name is foo.bar.
- mongodb.numberToSkip
  type: long
  Sets the number of documents to omit - starting from the first document in the resulting dataset - when returning the result of the query.
- mongodb.numberToReturn
  type: long
  The requested maximum number of documents to be returned.
- mongodb.numberReturned
  type: long
  The number of documents in the reply.
- mongodb.startingFrom
  Where in the cursor this reply is starting.
- mongodb.query
  A JSON document that represents the query. The query will contain one or more elements, all of which must match for a document to be included in the result set. Possible elements include $query, $orderby, $hint, $explain, and $snapshot.
- mongodb.returnFieldsSelector
  A JSON document that limits the fields in the returned documents. The returnFieldsSelector contains one or more elements, each of which is the name of a field that should be returned, and the integer value 1.
- mongodb.selector
  A BSON document that specifies the query for selecting the document to update or delete.
- mongodb.update
  A BSON document that specifies the update to be performed. For information on specifying updates, see the Update Operations documentation from the MongoDB Manual.
- mongodb.cursorId
  The cursor identifier returned in the OP_REPLY. This must be the value that was returned from the database.
rpc fields
OncRPC specific event fields.
- rpc.xid
  RPC message transaction identifier.
- rpc.call_size
  type: long
  RPC call size with argument.
- rpc.reply_size
  type: long
  RPC reply size with argument.
- rpc.status
  RPC message reply status.
- rpc.time
  type: long
  RPC message processing time.
- rpc.time_str
  RPC message processing time in human readable form.
- rpc.auth_flavor
  RPC authentication flavor.
- rpc.cred.uid
  type: long
  RPC caller’s user id, in case of auth-unix.
- rpc.cred.gid
  type: long
  RPC caller’s group id, in case of auth-unix.
- rpc.cred.gids
  RPC caller’s secondary group ids, in case of auth-unix.
- rpc.cred.stamp
  type: long
  Arbitrary ID which the caller machine may generate.
- rpc.cred.machinename
  The name of the caller’s machine.