monitor.elastic
Introduction
The tags beginning with monitor.elastic identify events generated by Elastic.
Valid tags and data tables
The full tag must have four levels. The first two are fixed as monitor.elastic. The third level identifies the type of events sent and the fourth the subtype.
These are the valid tags and corresponding data tables that will receive the parsers' data:
Product / Service | Tags | Data tables |
---|---|---|
Elastic | | |
For more information, read more about Devo tags.
Table structure
These are the fields displayed in this table:
Field | Type | Extra field |
---|---|---|
eventdate | | |
hostname | | |
agent__hostname | | |
agent__name | | |
agent__id | | |
agent__ephemeral_id | | |
agent__type | | |
agent__version | | |
APP_NAME | | |
type | | |
tags | | |
at_timestamp | | |
file__owner | | |
file__extension | | |
file__gid | | |
file__mtime | | |
file__type | | |
file__mode | | |
file__inode | | |
file__path | | |
file__uid | | |
file__size | | |
file__ctime | | |
file__hash__sha1 | | |
file__group | | |
ecs__version | | |
service__type | | |
host__name | | |
at_version | | |
SUB_SYSTEM | | |
event__kind | | |
event__module | | |
event__action | | |
event__category | | |
event__type | | |
event__dataset | | |
hash__sha1 | | |
hostchain | | ✓ |
tag | | ✓ |
rawMessage | | ✓ |