New

The executive guide to generative AI

Read more
About usPartnersSupport|Login
« Reference Elastic Entity Model »
Elastic Docs Serverless Elastic Observability Serverless Reference

Infrastructure app fields

edit

Infrastructure app fields

edit

This section lists the fields the Infrastructure UI uses to display data. Please note that some of the fields listed here are not ECS fields.

Additional field details

edit

The event.dataset field is required to display data properly in some views. This field is a combination of metricset.module, which is the Metricbeat module name, and metricset.name, which is the metricset name.

To determine each metric’s optimal time interval, all charts use metricset.period. If metricset.period is not available, then it falls back to 1 minute intervals.

Base fields

edit

The base field set contains all fields which are on the top level. These fields are common across all types of events.

Field Description Type

@timestamp

Date/time when the event originated.

This is the date/time extracted from the event, typically representing when the source generated the event. If the event source has no original timestamp, this value is typically populated by the first time the pipeline received the event. Required field for all events.

Example: May 27, 2020 @ 15:22:27.982

date

message

For log events the message field contains the log message, optimized for viewing in a log viewer.

For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event.

If multiple messages exist, they can be combined into one message.

Example: Hello World

text

Hosts fields

edit

These fields must be mapped to display host data in the Infrastructure app.

Field Description Type

host.name

Name of the host.

It can contain what hostname returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.

Example: MacBook-Elastic.local

keyword

host.ip

IP of the host that records the event.

ip

Docker container fields

edit

These fields must be mapped to display Docker container data in the Infrastructure app.

Field Description Type

container.id

Unique container id.

Example: data

keyword

container.name

Container name.

keyword

container.ip_address

IP of the container.

Not an ECS field

ip

Kubernetes pod fields

edit

These fields must be mapped to display Kubernetes pod data in the Infrastructure app.

Field Description Type

kubernetes.pod.uid

Kubernetes Pod UID.

Example: 8454328b-673d-11ea-7d80-21010a840123

Not an ECS field

keyword

kubernetes.pod.name

Kubernetes pod name.

Example: nginx-demo

Not an ECS field

keyword

kubernetes.pod.ip

IP of the Kubernetes pod.

Not an ECS field

keyword

AWS EC2 instance fields

edit

These fields must be mapped to display EC2 instance data in the Infrastructure app.

Field Description Type

cloud.instance.id

Instance ID of the host machine.

Example: i-1234567890abcdef0

keyword

cloud.instance.name

Instance name of the host machine.

keyword

aws.ec2.instance.public.ip

Instance public IP of the host machine.

Not an ECS field

keyword

AWS S3 bucket fields

edit

These fields must be mapped to display S3 bucket data in the Infrastructure app.

Field Description Type

aws.s3.bucket.name

The name or ID of the AWS S3 bucket.

Not an ECS field

keyword

AWS SQS queue fields

edit

These fields must be mapped to display SQS queue data in the Infrastructure app.

Field Description Type

aws.sqs.queue.name

The name or ID of the AWS SQS queue.

Not an ECS field

keyword

AWS RDS database fields

edit

These fields must be mapped to display RDS database data in the Infrastructure app.

Field Description Type

aws.rds.db_instance.arn

Amazon Resource Name (ARN) for each RDS.

Not an ECS field

keyword

aws.rds.db_instance.identifier

Contains a user-supplied database identifier. This identifier is the unique key that identifies a DB instance.

Not an ECS field

keyword

Additional grouping fields

edit

Depending on which entity you select in the Infrastructure inventory view, these additional fields can be mapped to group entities by.

Field Description Type

cloud.availability_zone

Availability zone in which this host is running.

Example: us-east-1c

keyword

cloud.machine.type

Machine type of the host machine.

Example: t2.medium

keyword

cloud.region

Region in which this host is running.

Example: us-east-1

keyword

cloud.instance.id

Instance ID of the host machine.

Example: i-1234567890abcdef0

keyword

cloud.provider

Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.

Example: aws

keyword

cloud.instance.name

Instance name of the host machine.

keyword

cloud.project.id

Name of the project in Google Cloud.

Not an ECS field

keyword

service.type

The type of service data is collected from.

The type can be used to group and correlate logs and metrics from one service type.

For example, the service type for metrics collected from Elasticsearch is elasticsearch.

Example: elasticsearch

Not an ECS field

keyword

host.hostname

Name of the host. This field is required if you want to use machine learning features

It normally contains what the hostname command returns on the host machine.

Example: Elastic.local

keyword

host.os.name

Operating system name, without the version.

Multi-fields:

os.name.text (type: text)

Example: Mac OS X

keyword

host.os.kernel

Operating system kernel version as a raw string.

Example: 4.4.0-112-generic

keyword
« Reference Elastic Entity Model »