Skip to content

Commit

Permalink
Add http.response.* fields
Browse files Browse the repository at this point in the history
HTTP response status code and body show up in different Beats as packetbeat, heartbeat, filebeat, apm-server and also in web server logs. They are so common that it makes sense to standardise on the naming which is not the case yet.

I initially thought of creating `response` object outside as it also exists for other protocols but came to the conclusion that it's not really useful to correlate for example response codes across different protocols.
  • Loading branch information
ruflin committed May 28, 2018
1 parent ca691df commit 79b7a92
Show file tree
Hide file tree
Showing 4 changed files with 46 additions and 0 deletions.
12 changes: 12 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@ List of available ECS fields.
* [File fields](#file)
* [Geoip fields](#geoip)
* [Host fields](#host)
* [HTTP fields](#http)
* [Kubernetes fields](#kubernetes)
* [Log fields](#log)
* [Network fields](#network)
Expand Down Expand Up @@ -237,6 +238,17 @@ Normally the host information is related to the machine on which the event was g
| <a name="host.architecture"></a>`host.architecture` | Operating system architecture. | keyword | | `x86_64` |


## <a name="http"></a> HTTP fields

Fields related to HTTP requests and responses.


| Field | Description | Type | Multi Field | Example |
|---|---|---|---|---|
| <a name="http.response.status_code"></a>`http.response.status_code` | Http response status code. | long | | `404` |
| <a name="http.response.body"></a>`http.response.body` | The full http response body. | text | | `Hello world` |


## <a name="kubernetes"></a> Kubernetes fields

Kubernetes fields are used for meta information about k8s. This should help to correlate data coming out of k8s setups.
Expand Down
2 changes: 2 additions & 0 deletions schema.csv
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,8 @@ host.os.platform,keyword,0,darwin
host.os.version,keyword,0,10.12.6
host.timezone.offset.sec,long,1,-5400
host.type,keyword,1,
http.response.body,text,0,Hello world
http.response.status_code,long,0,404
kubernetes.annotations,object,0,
kubernetes.container.name,keyword,0,
kubernetes.labels,object,0,
Expand Down
17 changes: 17 additions & 0 deletions schemas/http.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
---
- name: http
title: HTTP
group: 2
description: >
Fields related to HTTP requests and responses.
fields:
- name: response.status_code
type: long
description: >
Http response status code.
example: 404
- name: response.body
type: text
description: >
The full http response body.
example: Hello world
15 changes: 15 additions & 0 deletions template.json
Original file line number Diff line number Diff line change
Expand Up @@ -392,6 +392,21 @@
}
}
},
"http": {
"properties": {
"response": {
"properties": {
"body": {
"norms": false,
"type": "text"
},
"status_code": {
"type": "long"
}
}
}
}
},
"kubernetes": {
"properties": {
"annotations": {
Expand Down

0 comments on commit 79b7a92

Please sign in to comment.