WARNING: Version 5.5 of Filebeat has passed its EOL date.

This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.

« Cloud Provider Metadata Fields MySQL Fields »
Elastic Docs Filebeat Reference [5.5] Exported Fields

Log File Content Fields

edit

Log File Content Fields

edit

Contains log file lines.

source

edit

type: keyword

required: True

The file from which the line was read. This field contains the absolute path to the file. For example: /var/log/system.log.

offset

edit

type: long

required: False

The file offset the reported line starts at.

message

edit

type: text

required: True

The content of the line read from the log file.

type

edit

required: True

The name of the log event. This field is set to the value specified for the document_type option in the prospector section of the Filebeat config file.

input_type

edit

required: True

The input type from which the event was generated. This field is set to the value specified for the input_type option in the prospector section of the Filebeat config file.

error

edit

Ingestion pipeline error message, added in case there are errors reported by the Ingest Node in Elasticsearch.

read_timestamp

edit

In case the ingest pipeline parses the timestamp from the log contents, it stores the original @timestamp (representing the time when the log line was read) in this field.

fileset.module

edit

The Filebeat module that generated this event.

fileset.name

edit

The Filebeat fileset that generated this event.

« Cloud Provider Metadata Fields MySQL Fields »