ECS fields used in logging use cases.
| Field | Description | Level | Type | Multi Field | Example |
|---|---|---|---|---|---|
| id | Unique id of the log entry. | (use case) | keyword | 8a4f500d |
|
| timestamp | Timestamp of the log line. | (use case) | date | 2016-05-23T08:05:34.853Z |
|
| message | The log message. This can contain the full log line or based on the processing only the extracted message part. This is expected to be human readable. |
core | text | Hello World |
|
| hostname | Hostname extracted from the log line. | (use case) | keyword | www.example.com |
|
| ip | IP Address extracted from the log line. Can be IPv4 or IPv6. | (use case) | ip | 192.168.1.12 |
|
| log.level | Log level field. Is expected to be WARN, ERR, INFO etc. |
core | keyword | ERR |
|
| log.line | Line number the log event was collected from. | (use case) | long | 18 |
|
| log.offset | Offset of the log event. | (use case) | long | 12 |
|
| source.* | Describes from where the log entries come from. |
||||
| source.path | File path of the file the data is harvested from. | (use case) | keyword | /var/log/test.log |