ECS fields used in logging use cases.
Field | Description | Type | Multi Field | Example |
---|---|---|---|---|
id |
Unique id of the log entry. | keyword | 8a4f500d |
|
timestamp |
Timestamp of the log line. | date | 2016-05-23T08:05:34.853Z |
|
message |
The log message. This can contain the full log line or based on the processing only the extracted message part. This is expected to be human readable. |
text | Hello World |
|
hostname |
Hostname extracted from the log line. | keyword | www.example.com |
|
ip |
IP Address extracted from the log line. Can be IPv4 or IPv6. | ip | 192.168.1.12 |
|
log.level |
Log level field. Is expected to be WARN , ERR , INFO etc. |
keyword | ERR |
|
log.line |
Line number the log event was collected from. | long | 18 |
|
log.offset |
Offset of the log event. | long | 12 |