Google Cloud fields

Module for handling logs from Google Cloud.

googlecloud

Fields from Google Cloud logs.

vpcflow

Fields for Google Cloud VPC flow logs.

googlecloud.vpcflow.reporter

The side which reported the flow. Can be either SRC or DEST.

type: keyword

googlecloud.vpcflow.rtt.ms

Latency as measured (for TCP flows only) during the time interval. This is the time elapsed between sending a SEQ and receiving the corresponding ACK, and it includes the network RTT as well as any application-related delay.

type: long

destination.instance

If the destination of the connection was a VM located on the same VPC, this field is populated with VM instance details. In a Shared VPC configuration, project_id corresponds to the project that owns the instance, usually the service project.

googlecloud.vpcflow.destination.instance.project_id

ID of the project containing the VM.

type: keyword

googlecloud.vpcflow.destination.instance.region

Region of the VM.

type: keyword

googlecloud.vpcflow.destination.instance.zone

Zone of the VM.

type: keyword

destination.vpc

If the destination of the connection was a VM located on the same VPC, this field is populated with VPC network details. In a Shared VPC configuration, project_id corresponds to that of the host project.

googlecloud.vpcflow.destination.vpc.project_id

ID of the project containing the VM.

type: keyword

googlecloud.vpcflow.destination.vpc.vpc_name

VPC on which the VM is operating.

type: keyword

googlecloud.vpcflow.destination.vpc.subnetwork_name

Subnetwork on which the VM is operating.

type: keyword

source.instance

If the source of the connection was a VM located on the same VPC, this field is populated with VM instance details. In a Shared VPC configuration, project_id corresponds to the project that owns the instance, usually the service project.

googlecloud.vpcflow.source.instance.project_id

ID of the project containing the VM.

type: keyword

googlecloud.vpcflow.source.instance.region

Region of the VM.

type: keyword

googlecloud.vpcflow.source.instance.zone

Zone of the VM.

type: keyword

source.vpc

If the source of the connection was a VM located on the same VPC, this field is populated with VPC network details. In a Shared VPC configuration, project_id corresponds to that of the host project.

googlecloud.vpcflow.source.vpc.project_id

ID of the project containing the VM.

type: keyword

googlecloud.vpcflow.source.vpc.vpc_name

VPC on which the VM is operating.

type: keyword

googlecloud.vpcflow.source.vpc.subnetwork_name

Subnetwork on which the VM is operating.

type: keyword