diff --git a/packages/apm/0.1.0-dev.1/agent/input/template.yml.hbs b/packages/apm/0.1.0-dev.1/agent/input/template.yml.hbs
new file mode 100644
index 0000000000..fa5083b93a
--- /dev/null
+++ b/packages/apm/0.1.0-dev.1/agent/input/template.yml.hbs
@@ -0,0 +1,2 @@
+apm-server:
+ rum.enabled: {{enable_rum}}
diff --git a/packages/apm/0.1.0-dev.1/data_stream/app_metrics/elasticsearch/ingest_pipeline/apm_ingest_timestamp.json b/packages/apm/0.1.0-dev.1/data_stream/app_metrics/elasticsearch/ingest_pipeline/apm_ingest_timestamp.json
new file mode 100644
index 0000000000..3d68a9bb5c
--- /dev/null
+++ b/packages/apm/0.1.0-dev.1/data_stream/app_metrics/elasticsearch/ingest_pipeline/apm_ingest_timestamp.json
@@ -0,0 +1,12 @@
+{
+ "description": "Add an ingest timestamp for APM events",
+ "processors": [
+ {
+ "set": {
+ "field": "event.ingested",
+ "if": "ctx.processor?.event != 'span'",
+ "value": "{{_ingest.timestamp}}"
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/packages/apm/0.1.0-dev.1/data_stream/app_metrics/elasticsearch/ingest_pipeline/apm_remove_span_metadata.json b/packages/apm/0.1.0-dev.1/data_stream/app_metrics/elasticsearch/ingest_pipeline/apm_remove_span_metadata.json
new file mode 100644
index 0000000000..ad095d62ac
--- /dev/null
+++ b/packages/apm/0.1.0-dev.1/data_stream/app_metrics/elasticsearch/ingest_pipeline/apm_remove_span_metadata.json
@@ -0,0 +1,25 @@
+{
+ "description": "Removes metadata fields available already on the parent transaction, to save storage",
+ "processors": [
+ {
+ "remove": {
+ "field": [
+ "host",
+ "process",
+ "user",
+ "user_agent",
+ "container",
+ "kubernetes",
+ "service.node",
+ "service.version",
+ "service.language",
+ "service.runtime",
+ "service.framework"
+ ],
+ "if": "ctx.processor?.event == 'span'",
+ "ignore_failure": true,
+ "ignore_missing": true
+ }
+ }
+ ]
+}
\ No newline at end of file
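Review bot: In `template.yml.hbs`, `rum.enabled: {{enable_rum}}` is the only RUM setting the policy can influence, so switching the flag on leaves origin and rate controls at whatever the server defaults are. The RUM intake is meant for browser agents, which cannot hold a secret, so events arriving there are not authenticated the way backend-agent traffic can be. Consider adding a second policy variable that renders `rum.allow_origins` next to the flag, and state in the variable's description that enabling RUM opens that intake path. The manifest that declares `enable_rum` is outside this hunk, so whether it is typed as a boolean and defaults to off cannot be confirmed from here.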
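Review bot: In `app_metrics/.../apm_remove_span_metadata.json` the `remove` processor is guarded by `ctx.processor?.event == 'span'`, which an application-metrics data stream would presumably never see, so the pipeline looks like dead configuration here; the same file is added unchanged for `error_logs` and `internal_metrics`. Because it also sets `ignore_failure: true`, nothing would surface if it ever did run and fail. Either leave it out of these streams' `default.json`, or make the intent explicit in the description, e.g. `"description": "Only applies to span events; no-op for other event types"`.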
diff --git a/packages/apm/0.1.0-dev.1/data_stream/app_metrics/elasticsearch/ingest_pipeline/apm_user_agent.json b/packages/apm/0.1.0-dev.1/data_stream/app_metrics/elasticsearch/ingest_pipeline/apm_user_agent.json
new file mode 100644
index 0000000000..b5810f590d
--- /dev/null
+++ b/packages/apm/0.1.0-dev.1/data_stream/app_metrics/elasticsearch/ingest_pipeline/apm_user_agent.json
@@ -0,0 +1,13 @@
+{
+ "description": "Add user agent information for APM events",
+ "processors": [
+ {
+ "user_agent": {
+ "field": "user_agent.original",
+ "ignore_failure": true,
+ "ignore_missing": true,
+ "target_field": "user_agent"
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/packages/apm/0.1.0-dev.1/data_stream/app_metrics/elasticsearch/ingest_pipeline/apm_user_geo.json b/packages/apm/0.1.0-dev.1/data_stream/app_metrics/elasticsearch/ingest_pipeline/apm_user_geo.json
new file mode 100644
index 0000000000..05ecc7ddcc
--- /dev/null
+++ b/packages/apm/0.1.0-dev.1/data_stream/app_metrics/elasticsearch/ingest_pipeline/apm_user_geo.json
@@ -0,0 +1,22 @@
+{
+ "description": "Add user geo information for APM events",
+ "processors": [
+ {
+ "geoip": {
+ "database_file": "GeoLite2-City.mmdb",
+ "field": "client.ip",
+ "ignore_missing": true,
+ "on_failure": [
+ {
+ "remove": {
+ "field": "client.ip",
+ "ignore_failure": true,
+ "ignore_missing": true
+ }
+ }
+ ],
+ "target_field": "client.geo"
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/packages/apm/0.1.0-dev.1/data_stream/app_metrics/elasticsearch/ingest_pipeline/default.json b/packages/apm/0.1.0-dev.1/data_stream/app_metrics/elasticsearch/ingest_pipeline/default.json
new file mode 100644
index 0000000000..b1e693074b
--- /dev/null
+++ b/packages/apm/0.1.0-dev.1/data_stream/app_metrics/elasticsearch/ingest_pipeline/default.json
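Review bot: In `apm_user_geo.json` the `on_failure` handler of the `geoip` processor deletes `client.ip` and records nothing, so an event whose address cannot be looked up is stored with no client address and no sign that one was dropped. The `client.ip` description in this package's `ecs.yml` says the value is typically taken from `X-Forwarded-For` or `X-Real-IP`, i.e. it is supplied by the client, which makes the silent removal a gap for anyone later investigating those events. The removal presumably keeps an unparseable value from being rejected by the `ip` mapping, so keep it, but put a marker ahead of it, for instance `{ "append": { "field": "tags", "value": "geoip_lookup_failed" } }` (field and value constructed; use one this stream maps). The identical pipeline is added for `error_logs` and `internal_metrics` further down.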
@@ -0,0 +1,25 @@
+{
+ "description": "Default enrichment for APM events",
+ "processors": [
+ {
+ "pipeline": {
+ "name": "metrics-apm-0.1.0-dev.1-apm_user_agent"
+ }
+ },
+ {
+ "pipeline": {
+ "name": "metrics-apm-0.1.0-dev.1-apm_user_geo"
+ }
+ },
+ {
+ "pipeline": {
+ "name": "metrics-apm-0.1.0-dev.1-apm_ingest_timestamp"
+ }
+ },
+ {
+ "pipeline": {
+ "name": "metrics-apm-0.1.0-dev.1-apm_remove_span_metadata"
+ }
+ }
+ ]
+}
diff --git a/packages/apm/0.1.0-dev.1/data_stream/app_metrics/fields/base-fields.yml b/packages/apm/0.1.0-dev.1/data_stream/app_metrics/fields/base-fields.yml
new file mode 100644
index 0000000000..bef973826b
--- /dev/null
+++ b/packages/apm/0.1.0-dev.1/data_stream/app_metrics/fields/base-fields.yml
@@ -0,0 +1,12 @@
+- name: '@timestamp'
+ type: date
+ description: Event timestamp.
+- name: data_stream.type
+ type: constant_keyword
+ description: Data stream type.
+- name: data_stream.dataset
+ type: constant_keyword
+ description: Data stream dataset.
+- name: data_stream.namespace
+ type: constant_keyword
+ description: Data stream namespace.
diff --git a/packages/apm/0.1.0-dev.1/data_stream/app_metrics/fields/ecs.yml b/packages/apm/0.1.0-dev.1/data_stream/app_metrics/fields/ecs.yml
new file mode 100644
index 0000000000..79b4403495
--- /dev/null
+++ b/packages/apm/0.1.0-dev.1/data_stream/app_metrics/fields/ecs.yml
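Review bot: The four `pipeline` processors in `app_metrics/.../default.json` reference their targets by literal names such as `metrics-apm-0.1.0-dev.1-apm_user_agent`, which bake in the stream type, dataset and package version, and neither the processors nor the pipeline itself carries an `on_failure`. If a referenced pipeline is absent under exactly that name (a partial install, or a version bump that misses one string), the processor fails and, as far as I can tell, the event is rejected rather than indexed unenriched. A top-level `on_failure` that records the error on the document, or a packaging check that these names match the stream's `manifest.yml`, would make that failure visible. The `error_logs` and `internal_metrics` copies of `default.json` have the same shape.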
@@ -0,0 +1,208 @@ +- name: agent.ephemeral_id + type: keyword + description: | + The Ephemeral ID identifies a running process. +- name: agent.name + type: keyword + description: | + Name of the agent used. +- name: agent.version + type: keyword + description: | + Version of the agent used. +- name: client.ip + type: ip + description: | + IP address of the client of a recorded event. This is typically obtained from a request's X-Forwarded-For or the X-Real-IP header or falls back to a given configuration for remote address. +- name: cloud.account.id + level: extended + type: keyword + description: Cloud account ID + ignore_above: 1024 +- name: cloud.account.name + level: extended + type: keyword + description: Cloud account name + ignore_above: 1024 +- name: cloud.availability_zone + level: extended + type: keyword + description: Cloud availability zone name + ignore_above: 1024 +- name: cloud.instance.id + level: extended + type: keyword + description: Cloud instance/machine ID + ignore_above: 1024 +- name: cloud.instance.name + level: extended + type: keyword + description: Cloud instance/machine name + ignore_above: 1024 +- name: cloud.machine.type + level: extended + type: keyword + description: Cloud instance/machine type + ignore_above: 1024 +- name: cloud.project.id + level: extended + type: keyword + description: Cloud project ID + ignore_above: 1024 +- name: cloud.project.name + level: extended + type: keyword + description: Cloud project name + ignore_above: 1024 +- name: cloud.provider + level: extended + type: keyword + description: Cloud provider name + ignore_above: 1024 +- name: cloud.region + level: extended + type: keyword + description: Cloud region name + ignore_above: 1024 +- name: container.id + type: keyword + description: | + Unique container id. +- name: destination.address + level: extended + type: keyword + description: Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. 
You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. + ignore_above: 1024 +- name: destination.ip + level: core + type: ip + description: IP addess of the destination. Can be one of multiple IPv4 or IPv6 addresses. +- name: destination.port + level: core + type: long + format: string + description: Port of the destination. +- name: host.architecture + type: keyword + description: | + The architecture of the host the event was recorded on. +- name: host.hostname + type: keyword + description: | + The hostname of the host the event was recorded on. +- name: host.ip + type: ip + description: | + IP of the host that records the event. +- name: host.name + type: keyword + description: | + Name of the host the event was recorded on. It can contain same information as host.hostname or a name specified by the user. +- name: host.os.platform + type: keyword + description: | + The platform of the host the event was recorded on. +- name: labels + type: object + description: | + A flat mapping of user-defined labels with string, boolean or number values. +- name: observer.hostname + type: keyword + description: | + Hostname of the APM Server. +- name: observer.type + type: keyword + description: | + The type will be set to `apm-server`. +- name: observer.version + type: keyword + description: | + APM Server version. +- name: process.args + level: extended + type: keyword + description: | + Process arguments. May be filtered to protect sensitive information. +- name: process.pid + type: long + description: | + Numeric process ID of the service process. +- name: process.ppid + type: long + description: | + Numeric ID of the service's parent process. +- name: process.title + type: keyword + description: | + Service process title. +- name: service.name + type: keyword + description: | + Immutable name of the service emitting this event. 
+- name: service.node.name + type: keyword + description: | + Unique meaningful name of the service node. +- name: service.version + type: keyword + description: | + Version of the service emitting this event. +- name: source.ip + type: ip + description: | + IP address of the source of a recorded event. This is typically obtained from a request's X-Forwarded-For or the X-Real-IP header or falls back to a given configuration for remote address. +- name: user.email + type: keyword + description: | + Email of the logged in user. +- name: user.id + type: keyword + description: | + Identifier of the logged in user. +- name: user.name + type: keyword + description: | + The username of the logged in user. +- name: user_agent.device.name + type: keyword + description: | + Name of the device. +- name: user_agent.name + type: keyword + description: | + Name of the user agent. +- name: user_agent.original + type: keyword + description: | + Unparsed version of the user_agent. + multi_fields: + - name: text + type: text +- name: user_agent.os.family + type: keyword + description: | + OS family (such as redhat, debian, freebsd, windows). +- name: user_agent.os.full + type: keyword + description: | + Operating system name, including the version or code name. +- name: user_agent.os.kernel + type: keyword + description: | + Operating system kernel version as a raw string. +- name: user_agent.os.name + type: keyword + description: | + Operating system name, without the version. +- name: user_agent.os.platform + type: keyword + description: | + Operating system platform (such centos, ubuntu, windows). +- name: user_agent.os.version + type: keyword + description: | + Operating system version as a raw string. +- name: user_agent.version + type: keyword + description: | + Version of the user agent. 
diff --git a/packages/apm/0.1.0-dev.1/data_stream/app_metrics/fields/fields.yml b/packages/apm/0.1.0-dev.1/data_stream/app_metrics/fields/fields.yml
new file mode 100644
index 0000000000..919f961c47
--- /dev/null
+++ b/packages/apm/0.1.0-dev.1/data_stream/app_metrics/fields/fields.yml
@@ -0,0 +1,105 @@ +- name: experimental + type: object + description: Additional experimental data sent by the agents. +- name: kubernetes.namespace + type: keyword + description: | + Kubernetes namespace +- name: kubernetes.node.name + type: keyword + description: | + Kubernetes node name +- name: kubernetes.pod.name + type: keyword + description: | + Kubernetes pod name +- name: kubernetes.pod.uid + type: keyword + description: | + Kubernetes Pod UID +- name: metricset.period + type: long +- name: observer.listening + type: keyword + description: | + Address the server is listening on. +- name: observer.version_major + type: byte + description: | + Major version number of the observer +- name: processor.event + type: keyword + description: Processor event. +- name: processor.name + type: keyword + description: Processor name. +- name: service.environment + type: keyword + description: | + Service environment. +- name: service.framework.name + type: keyword + description: | + Name of the framework used. +- name: service.framework.version + type: keyword + description: | + Version of the framework used. +- name: service.language.name + type: keyword + description: | + Name of the programming language used. +- name: service.language.version + type: keyword + description: | + Version of the programming language used. +- name: service.runtime.name + type: keyword + description: | + Name of the runtime used. +- name: service.runtime.version + type: keyword + description: | + Version of the runtime used. +- name: system.cpu.total.norm.pct + type: scaled_float + format: percent + description: | + The percentage of CPU time spent by the process since the last event. This value is normalized by the number of CPU cores and it ranges from 0 to 100%. +- name: system.memory.actual.free + type: long + format: bytes + description: | + Actual free memory in bytes. It is calculated based on the OS. On Linux it consists of the free memory plus caches and buffers. 
On OSX it is a sum of free memory and the inactive memory. On Windows, it is equal to `system.memory.free`. +- name: system.memory.total + type: long + format: bytes + description: | + Total memory. +- name: system.process.cgroup.memory.mem.limit.bytes + type: long + format: bytes + description: Memory limit for the current cgroup slice. +- name: system.process.cgroup.memory.mem.usage.bytes + type: long + format: bytes + description: Memory usage by the current cgroup slice. +- name: system.process.cpu.total.norm.pct + type: scaled_float + format: percent + description: | + The percentage of CPU time spent by the process since the last event. This value is normalized by the number of CPU cores and it ranges from 0 to 100%. +- name: system.process.memory.rss.bytes + type: long + format: bytes + description: | + The Resident Set Size. The amount of memory the process occupied in main memory (RAM). +- name: system.process.memory.size + type: long + format: bytes + description: | + The total virtual memory the process has. +- name: timestamp.us + type: long + description: | + Timestamp of the event in microseconds since Unix epoch. diff --git a/packages/apm/0.1.0-dev.1/data_stream/app_metrics/manifest.yml b/packages/apm/0.1.0-dev.1/data_stream/app_metrics/manifest.yml new file mode 100644 index 0000000000..ef03a64fd0 --- /dev/null +++ b/packages/apm/0.1.0-dev.1/data_stream/app_metrics/manifest.yml @@ -0,0 +1,3 @@ +title: APM application metrics +type: metrics +dataset: apm diff --git a/packages/apm/0.1.0-dev.1/data_stream/error_logs/elasticsearch/ingest_pipeline/apm_ingest_timestamp.json b/packages/apm/0.1.0-dev.1/data_stream/error_logs/elasticsearch/ingest_pipeline/apm_ingest_timestamp.json new file mode 100644 index 0000000000..3d68a9bb5c --- /dev/null +++ b/packages/apm/0.1.0-dev.1/data_stream/error_logs/elasticsearch/ingest_pipeline/apm_ingest_timestamp.json 
@@ -0,0 +1,12 @@
+{
+ "description": "Add an ingest timestamp for APM events",
+ "processors": [
+ {
+ "set": {
+ "field": "event.ingested",
+ "if": "ctx.processor?.event != 'span'",
+ "value": "{{_ingest.timestamp}}"
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/packages/apm/0.1.0-dev.1/data_stream/error_logs/elasticsearch/ingest_pipeline/apm_remove_span_metadata.json b/packages/apm/0.1.0-dev.1/data_stream/error_logs/elasticsearch/ingest_pipeline/apm_remove_span_metadata.json
new file mode 100644
index 0000000000..ad095d62ac
--- /dev/null
+++ b/packages/apm/0.1.0-dev.1/data_stream/error_logs/elasticsearch/ingest_pipeline/apm_remove_span_metadata.json
@@ -0,0 +1,25 @@
+{
+ "description": "Removes metadata fields available already on the parent transaction, to save storage",
+ "processors": [
+ {
+ "remove": {
+ "field": [
+ "host",
+ "process",
+ "user",
+ "user_agent",
+ "container",
+ "kubernetes",
+ "service.node",
+ "service.version",
+ "service.language",
+ "service.runtime",
+ "service.framework"
+ ],
+ "if": "ctx.processor?.event == 'span'",
+ "ignore_failure": true,
+ "ignore_missing": true
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/packages/apm/0.1.0-dev.1/data_stream/error_logs/elasticsearch/ingest_pipeline/apm_user_agent.json b/packages/apm/0.1.0-dev.1/data_stream/error_logs/elasticsearch/ingest_pipeline/apm_user_agent.json
new file mode 100644
index 0000000000..b5810f590d
--- /dev/null
+++ b/packages/apm/0.1.0-dev.1/data_stream/error_logs/elasticsearch/ingest_pipeline/apm_user_agent.json
@@ -0,0 +1,13 @@
+{
+ "description": "Add user agent information for APM events",
+ "processors": [
+ {
+ "user_agent": {
+ "field": "user_agent.original",
+ "ignore_failure": true,
+ "ignore_missing": true,
+ "target_field": "user_agent"
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/packages/apm/0.1.0-dev.1/data_stream/error_logs/elasticsearch/ingest_pipeline/apm_user_geo.json b/packages/apm/0.1.0-dev.1/data_stream/error_logs/elasticsearch/ingest_pipeline/apm_user_geo.json
new file mode 100644
index 0000000000..05ecc7ddcc
--- /dev/null
+++ b/packages/apm/0.1.0-dev.1/data_stream/error_logs/elasticsearch/ingest_pipeline/apm_user_geo.json
@@ -0,0 +1,22 @@
+{
+ "description": "Add user geo information for APM events",
+ "processors": [
+ {
+ "geoip": {
+ "database_file": "GeoLite2-City.mmdb",
+ "field": "client.ip",
+ "ignore_missing": true,
+ "on_failure": [
+ {
+ "remove": {
+ "field": "client.ip",
+ "ignore_failure": true,
+ "ignore_missing": true
+ }
+ }
+ ],
+ "target_field": "client.geo"
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/packages/apm/0.1.0-dev.1/data_stream/error_logs/elasticsearch/ingest_pipeline/default.json b/packages/apm/0.1.0-dev.1/data_stream/error_logs/elasticsearch/ingest_pipeline/default.json
new file mode 100644
index 0000000000..c8ea45b9ae
--- /dev/null
+++ b/packages/apm/0.1.0-dev.1/data_stream/error_logs/elasticsearch/ingest_pipeline/default.json
@@ -0,0 +1,25 @@
+{
+ "description": "Default enrichment for APM events",
+ "processors": [
+ {
+ "pipeline": {
+ "name": "logs-apm.error-0.1.0-dev.1-apm_user_agent"
+ }
+ },
+ {
+ "pipeline": {
+ "name": "logs-apm.error-0.1.0-dev.1-apm_user_geo"
+ }
+ },
+ {
+ "pipeline": {
+ "name": "logs-apm.error-0.1.0-dev.1-apm_ingest_timestamp"
+ }
+ },
+ {
+ "pipeline": {
+ "name": "logs-apm.error-0.1.0-dev.1-apm_remove_span_metadata"
+ }
+ }
+ ]
+}
diff --git a/packages/apm/0.1.0-dev.1/data_stream/error_logs/fields/base-fields.yml b/packages/apm/0.1.0-dev.1/data_stream/error_logs/fields/base-fields.yml
new file mode 100644
index 0000000000..bef973826b
--- /dev/null
+++ b/packages/apm/0.1.0-dev.1/data_stream/error_logs/fields/base-fields.yml
@@ -0,0 +1,12 @@
+- name: '@timestamp'
+ type: date
+ description: Event timestamp.
+- name: data_stream.type
+ type: constant_keyword
+ description: Data stream type.
+- name: data_stream.dataset
+ type: constant_keyword
+ description: Data stream dataset.
+- name: data_stream.namespace
+ type: constant_keyword
+ description: Data stream namespace.
diff --git a/packages/apm/0.1.0-dev.1/data_stream/error_logs/fields/ecs.yml b/packages/apm/0.1.0-dev.1/data_stream/error_logs/fields/ecs.yml
new file mode 100644
index 0000000000..7ed13180dd
--- /dev/null
+++ b/packages/apm/0.1.0-dev.1/data_stream/error_logs/fields/ecs.yml
@@ -0,0 +1,264 @@ +- name: agent.ephemeral_id + type: keyword + description: | + The Ephemeral ID identifies a running process. +- name: agent.name + type: keyword + description: | + Name of the agent used. +- name: agent.version + type: keyword + description: | + Version of the agent used. +- name: client.ip + type: ip + description: | + IP address of the client of a recorded event. This is typically obtained from a request's X-Forwarded-For or the X-Real-IP header or falls back to a given configuration for remote address. +- name: cloud.account.id + level: extended + type: keyword + description: Cloud account ID + ignore_above: 1024 +- name: cloud.account.name + level: extended + type: keyword + description: Cloud account name + ignore_above: 1024 +- name: cloud.availability_zone + level: extended + type: keyword + description: Cloud availability zone name + ignore_above: 1024 +- name: cloud.instance.id + level: extended + type: keyword + description: Cloud instance/machine ID + ignore_above: 1024 +- name: cloud.instance.name + level: extended + type: keyword + description: Cloud instance/machine name + ignore_above: 1024 +- name: cloud.machine.type + level: extended + type: keyword + description: Cloud instance/machine type + ignore_above: 1024 +- name: cloud.project.id + level: extended + type: keyword + description: Cloud project ID + ignore_above: 1024 +- name: cloud.project.name + level: extended + type: keyword + description: Cloud project name + ignore_above: 1024 +- name: cloud.provider + level: extended + type: keyword + description: Cloud provider name + ignore_above: 1024 +- name: cloud.region + level: extended + type: keyword + description: Cloud region name + ignore_above: 1024 +- name: container.id + type: keyword + description: | + Unique container id. +- name: destination.address + level: extended + type: keyword + description: Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. 
You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. + ignore_above: 1024 +- name: destination.ip + level: core + type: ip + description: IP addess of the destination. Can be one of multiple IPv4 or IPv6 addresses. +- name: destination.port + level: core + type: long + format: string + description: Port of the destination. +- name: error.id + type: keyword + description: | + The ID of the error. +- name: host.architecture + type: keyword + description: | + The architecture of the host the event was recorded on. +- name: host.hostname + type: keyword + description: | + The hostname of the host the event was recorded on. +- name: host.ip + type: ip + description: | + IP of the host that records the event. +- name: host.name + type: keyword + description: | + Name of the host the event was recorded on. It can contain same information as host.hostname or a name specified by the user. +- name: host.os.platform + type: keyword + description: | + The platform of the host the event was recorded on. +- name: http.request.method + type: keyword + description: | + The http method of the request leading to this event. +- name: http.request.referrer + type: keyword + description: Referrer for this HTTP request. + ignore_above: 1024 +- name: http.response.status_code + type: long + description: | + The status code of the HTTP response. +- name: http.version + type: keyword + description: | + The http version of the request leading to this event. +- name: labels + type: object + description: | + A flat mapping of user-defined labels with string, boolean or number values. +- name: observer.hostname + type: keyword + description: | + Hostname of the APM Server. +- name: observer.type + type: keyword + description: | + The type will be set to `apm-server`. +- name: observer.version + type: keyword + description: | + APM Server version. 
+- name: process.args + level: extended + type: keyword + description: | + Process arguments. May be filtered to protect sensitive information. +- name: process.pid + type: long + description: | + Numeric process ID of the service process. +- name: process.ppid + type: long + description: | + Numeric ID of the service's parent process. +- name: process.title + type: keyword + description: | + Service process title. +- name: service.name + type: keyword + description: | + Immutable name of the service emitting this event. +- name: service.node.name + type: keyword + description: | + Unique meaningful name of the service node. +- name: service.version + type: keyword + description: | + Version of the service emitting this event. +- name: source.ip + type: ip + description: | + IP address of the source of a recorded event. This is typically obtained from a request's X-Forwarded-For or the X-Real-IP header or falls back to a given configuration for remote address. +- name: trace.id + type: keyword + description: | + The ID of the trace to which the event belongs to. +- name: transaction.id + type: keyword + description: | + The transaction ID. +- name: url.domain + type: keyword + description: | + The hostname of the request, e.g. "example.com". +- name: url.fragment + type: keyword + description: | + A fragment specifying a location in a web page , e.g. "top". +- name: url.full + type: keyword + description: | + The full, possibly agent-assembled URL of the request, e.g https://example.com:443/search?q=elasticsearch#top. +- name: url.path + type: keyword + description: | + The path of the request, e.g. "/search". +- name: url.port + type: long + description: | + The port of the request, e.g. 443. +- name: url.query + type: keyword + description: | + The query string of the request, e.g. "q=elasticsearch". +- name: url.scheme + type: keyword + description: | + The protocol of the request, e.g. "https:". 
+- name: user.email + type: keyword + description: | + Email of the logged in user. +- name: user.id + type: keyword + description: | + Identifier of the logged in user. +- name: user.name + type: keyword + description: | + The username of the logged in user. +- name: user_agent.device.name + type: keyword + description: | + Name of the device. +- name: user_agent.name + type: keyword + description: | + Name of the user agent. +- name: user_agent.original + type: keyword + description: | + Unparsed version of the user_agent. + multi_fields: + - name: text + type: text +- name: user_agent.os.family + type: keyword + description: | + OS family (such as redhat, debian, freebsd, windows). +- name: user_agent.os.full + type: keyword + description: | + Operating system name, including the version or code name. +- name: user_agent.os.kernel + type: keyword + description: | + Operating system kernel version as a raw string. +- name: user_agent.os.name + type: keyword + description: | + Operating system name, without the version. +- name: user_agent.os.platform + type: keyword + description: | + Operating system platform (such centos, ubuntu, windows). +- name: user_agent.os.version + type: keyword + description: | + Operating system version as a raw string. +- name: user_agent.version + type: keyword + description: | + Version of the user agent. diff --git a/packages/apm/0.1.0-dev.1/data_stream/error_logs/fields/fields.yml b/packages/apm/0.1.0-dev.1/data_stream/error_logs/fields/fields.yml new file mode 100644 index 0000000000..a7984e6939 --- /dev/null +++ b/packages/apm/0.1.0-dev.1/data_stream/error_logs/fields/fields.yml 
@@ -0,0 +1,140 @@ +- name: error.culprit + type: keyword + description: Function call which was the primary perpetrator of this event. +- name: error.exception.code + type: keyword + description: The error code set when the error happened, e.g. database error code. +- name: error.exception.handled + type: boolean + description: Indicator whether the error was caught somewhere in the code or not. +- name: error.exception.message + type: text + description: The original error message. +- name: error.exception.module + type: keyword + description: The module namespace of the original error. +- name: error.exception.type + type: keyword +- name: error.grouping_key + type: keyword + description: | + GroupingKey of the logged error for use in grouping. +- name: error.log.level + type: keyword + description: The severity of the record. +- name: error.log.logger_name + type: keyword + description: The name of the logger instance used. +- name: error.log.message + type: text + description: The additionally logged error message. +- name: error.log.param_message + type: keyword + description: | + A parametrized message. E.g. 'Could not connect to %s'. The property message is still required, and should be equal to the param_message, but with placeholders replaced. In some situations the param_message is used to group errors together. +- name: experimental + type: object + description: Additional experimental data sent by the agents. +- name: http.request.headers + type: object + description: | + The canonical headers of the monitored HTTP request. +- name: http.response.finished + type: boolean + description: | + Used by the Node agent to indicate when in the response life cycle an error has occurred. +- name: http.response.headers + type: object + description: | + The canonical headers of the monitored HTTP response. 
+- name: kubernetes.namespace + type: keyword + description: | + Kubernetes namespace +- name: kubernetes.node.name + type: keyword + description: | + Kubernetes node name +- name: kubernetes.pod.name + type: keyword + description: | + Kubernetes pod name +- name: kubernetes.pod.uid + type: keyword + description: | + Kubernetes Pod UID +- name: observer.listening + type: keyword + description: | + Address the server is listening on. +- name: observer.version_major + type: byte + description: | + Major version number of the observer +- name: parent.id + type: keyword + description: | + The ID of the parent event. +- name: processor.event + type: keyword + description: Processor event. +- name: processor.name + type: keyword + description: Processor name. +- name: service.environment + type: keyword + description: | + Service environment. +- name: service.framework.name + type: keyword + description: | + Name of the framework used. +- name: service.framework.version + type: keyword + description: | + Version of the framework used. +- name: service.language.name + type: keyword + description: | + Name of the programming language used. +- name: service.language.version + type: keyword + description: | + Version of the programming language used. +- name: service.runtime.name + type: keyword + description: | + Name of the runtime used. +- name: service.runtime.version + type: keyword + description: | + Version of the runtime used. +- name: timestamp.us + type: long + description: | + Timestamp of the event in microseconds since Unix epoch. +- name: transaction.breakdown.count + type: long +- name: transaction.duration.count + type: long +- name: transaction.duration.sum.us + type: long +- name: transaction.name + type: keyword + description: | + Generic designation of a transaction in the scope of a single service (eg. 'GET /users/:id'). 
+ multi_fields:
+ - name: text
+ type: text
+- name: transaction.sampled
+ type: boolean
+ description: |
+ Transactions that are 'sampled' will include all available information. Transactions that are not sampled will not have spans or context.
+- name: transaction.self_time.count
+ type: long
+- name: transaction.self_time.sum.us
+ type: long
+- name: transaction.type
+ type: keyword
+ description: |
+ Keyword of specific relevance in the service's domain (eg. 'request', 'backgroundjob', etc)
diff --git a/packages/apm/0.1.0-dev.1/data_stream/error_logs/manifest.yml b/packages/apm/0.1.0-dev.1/data_stream/error_logs/manifest.yml
new file mode 100644
index 0000000000..89b7461ddd
--- /dev/null
+++ b/packages/apm/0.1.0-dev.1/data_stream/error_logs/manifest.yml
@@ -0,0 +1,3 @@
+title: APM logs and errors
+type: logs
+dataset: apm.error
diff --git a/packages/apm/0.1.0-dev.1/data_stream/internal_metrics/elasticsearch/ingest_pipeline/apm_ingest_timestamp.json b/packages/apm/0.1.0-dev.1/data_stream/internal_metrics/elasticsearch/ingest_pipeline/apm_ingest_timestamp.json
new file mode 100644
index 0000000000..3d68a9bb5c
--- /dev/null
+++ b/packages/apm/0.1.0-dev.1/data_stream/internal_metrics/elasticsearch/ingest_pipeline/apm_ingest_timestamp.json
@@ -0,0 +1,12 @@
+{
+ "description": "Add an ingest timestamp for APM events",
+ "processors": [
+ {
+ "set": {
+ "field": "event.ingested",
+ "if": "ctx.processor?.event != 'span'",
+ "value": "{{_ingest.timestamp}}"
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/packages/apm/0.1.0-dev.1/data_stream/internal_metrics/elasticsearch/ingest_pipeline/apm_remove_span_metadata.json b/packages/apm/0.1.0-dev.1/data_stream/internal_metrics/elasticsearch/ingest_pipeline/apm_remove_span_metadata.json
new file mode 100644
index 0000000000..ad095d62ac
--- /dev/null
+++ b/packages/apm/0.1.0-dev.1/data_stream/internal_metrics/elasticsearch/ingest_pipeline/apm_remove_span_metadata.json
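Review bot: In `error_logs/fields/fields.yml`, `http.request.headers` and `http.response.headers` are declared as bare `type: object`, and nothing visible in the entries bounds their sub-keys or says how their values are treated. Header names are chosen by whoever sends the request, and header values can carry credentials, so the descriptions should say whether agents redact such headers before sending and how the mapping copes with many distinct header names. Once that is confirmed, a description along the lines of `The canonical headers of the monitored HTTP request. Credential-bearing headers are expected to be redacted by the agent.` would tell operators what ends up searchable. The same question applies to the `experimental` object in this file.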
@@ -0,0 +1,25 @@
+{
+ "description": "Removes metadata fields available already on the parent transaction, to save storage",
+ "processors": [
+ {
+ "remove": {
+ "field": [
+ "host",
+ "process",
+ "user",
+ "user_agent",
+ "container",
+ "kubernetes",
+ "service.node",
+ "service.version",
+ "service.language",
+ "service.runtime",
+ "service.framework"
+ ],
+ "if": "ctx.processor?.event == 'span'",
+ "ignore_failure": true,
+ "ignore_missing": true
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/packages/apm/0.1.0-dev.1/data_stream/internal_metrics/elasticsearch/ingest_pipeline/apm_user_agent.json b/packages/apm/0.1.0-dev.1/data_stream/internal_metrics/elasticsearch/ingest_pipeline/apm_user_agent.json
new file mode 100644
index 0000000000..b5810f590d
--- /dev/null
+++ b/packages/apm/0.1.0-dev.1/data_stream/internal_metrics/elasticsearch/ingest_pipeline/apm_user_agent.json
@@ -0,0 +1,13 @@
+{
+ "description": "Add user agent information for APM events",
+ "processors": [
+ {
+ "user_agent": {
+ "field": "user_agent.original",
+ "ignore_failure": true,
+ "ignore_missing": true,
+ "target_field": "user_agent"
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/packages/apm/0.1.0-dev.1/data_stream/internal_metrics/elasticsearch/ingest_pipeline/apm_user_geo.json b/packages/apm/0.1.0-dev.1/data_stream/internal_metrics/elasticsearch/ingest_pipeline/apm_user_geo.json
new file mode 100644
index 0000000000..05ecc7ddcc
--- /dev/null
+++ b/packages/apm/0.1.0-dev.1/data_stream/internal_metrics/elasticsearch/ingest_pipeline/apm_user_geo.json
@@ -0,0 +1,22 @@
+{
+ "description": "Add user geo information for APM events",
+ "processors": [
+ {
+ "geoip": {
+ "database_file": "GeoLite2-City.mmdb",
+ "field": "client.ip",
+ "ignore_missing": true,
+ "on_failure": [
+ {
+ "remove": {
+ "field": "client.ip",
+ "ignore_failure": true,
+ "ignore_missing": true
+ }
+ }
+ ],
+ "target_field": "client.geo"
+ }
+ }
+ ]
+}
\ No newline at end of file
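Review bot: `"ignore_failure": true` on the `remove` processor in apm_remove_span_metadata.json hides every error, not only absent fields, which `"ignore_missing": true` already covers. If the removal fails for any other reason, the span is indexed with its `user`, `host` and `process` metadata still attached and nothing records that it happened. I would either drop `"ignore_failure": true` or keep it and add an `on_failure` handler that marks the event. The profile_metrics and traces copies of this file carry the same setting.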
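Review bot: the `on_failure` handler of the `geoip` processor in apm_user_geo.json deletes `client.ip` and leaves no trace that it did, so an event whose address could not be looked up loses the one field an investigator would pivot on. Presumably the removal is there so an unparseable value is not rejected by the `ip` mapping; even so, the handler can record the failure before dropping the field. I would add a second entry to the `on_failure` list, for example `{ "append": { "field": "tags", "value": ["geoip_failed"] } }` (the tag name is an example). The profile_metrics and traces copies of this file have the same handler.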
diff --git a/packages/apm/0.1.0-dev.1/data_stream/internal_metrics/elasticsearch/ingest_pipeline/default.json b/packages/apm/0.1.0-dev.1/data_stream/internal_metrics/elasticsearch/ingest_pipeline/default.json
new file mode 100644
index 0000000000..6df3cfde3a
--- /dev/null
+++ b/packages/apm/0.1.0-dev.1/data_stream/internal_metrics/elasticsearch/ingest_pipeline/default.json
@@ -0,0 +1,25 @@
+{
+ "description": "Default enrichment for APM events",
+ "processors": [
+ {
+ "pipeline": {
+ "name": "metrics-apm.internal-0.1.0-dev.1-apm_user_agent"
+ }
+ },
+ {
+ "pipeline": {
+ "name": "metrics-apm.internal-0.1.0-dev.1-apm_user_geo"
+ }
+ },
+ {
+ "pipeline": {
+ "name": "metrics-apm.internal-0.1.0-dev.1-apm_ingest_timestamp"
+ }
+ },
+ {
+ "pipeline": {
+ "name": "metrics-apm.internal-0.1.0-dev.1-apm_remove_span_metadata"
+ }
+ }
+ ]
+}
diff --git a/packages/apm/0.1.0-dev.1/data_stream/internal_metrics/fields/base-fields.yml b/packages/apm/0.1.0-dev.1/data_stream/internal_metrics/fields/base-fields.yml
new file mode 100644
index 0000000000..bef973826b
--- /dev/null
+++ b/packages/apm/0.1.0-dev.1/data_stream/internal_metrics/fields/base-fields.yml
@@ -0,0 +1,12 @@
+- name: '@timestamp'
+ type: date
+ description: Event timestamp.
+- name: data_stream.type
+ type: constant_keyword
+ description: Data stream type.
+- name: data_stream.dataset
+ type: constant_keyword
+ description: Data stream dataset.
+- name: data_stream.namespace
+ type: constant_keyword
+ description: Data stream namespace.
diff --git a/packages/apm/0.1.0-dev.1/data_stream/internal_metrics/fields/ecs.yml b/packages/apm/0.1.0-dev.1/data_stream/internal_metrics/fields/ecs.yml
new file mode 100644
index 0000000000..5cca3cdc03
--- /dev/null
+++ b/packages/apm/0.1.0-dev.1/data_stream/internal_metrics/fields/ecs.yml
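Review bot: the four `pipeline` processors in internal_metrics default.json spell out the dataset and package version in each target name (`metrics-apm.internal-0.1.0-dev.1-apm_user_agent` and so on), and the pipeline has no `on_failure` block. A `pipeline` processor fails when the named pipeline does not exist, so a version bump that misses one of these strings would presumably reject events at ingest and leave a gap in the telemetry. I would add a top-level `on_failure` that stores `{{ _ingest.on_failure_message }}` in a field so the failure is visible on the indexed event, and note next to the package version that these names must change with it. The profile_metrics and traces default.json hunks follow the same pattern.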
@@ -0,0 +1,218 @@ +- name: agent.ephemeral_id + type: keyword + description: | + The Ephemeral ID identifies a running process. +- name: agent.name + type: keyword + description: | + Name of the agent used. +- name: agent.version + type: keyword + description: | + Version of the agent used. +- name: client.ip + type: ip + description: | + IP address of the client of a recorded event. This is typically obtained from a request's X-Forwarded-For or the X-Real-IP header or falls back to a given configuration for remote address. +- name: cloud.account.id + level: extended + type: keyword + description: Cloud account ID + ignore_above: 1024 +- name: cloud.account.name + level: extended + type: keyword + description: Cloud account name + ignore_above: 1024 +- name: cloud.availability_zone + level: extended + type: keyword + description: Cloud availability zone name + ignore_above: 1024 +- name: cloud.instance.id + level: extended + type: keyword + description: Cloud instance/machine ID + ignore_above: 1024 +- name: cloud.instance.name + level: extended + type: keyword + description: Cloud instance/machine name + ignore_above: 1024 +- name: cloud.machine.type + level: extended + type: keyword + description: Cloud instance/machine type + ignore_above: 1024 +- name: cloud.project.id + level: extended + type: keyword + description: Cloud project ID + ignore_above: 1024 +- name: cloud.project.name + level: extended + type: keyword + description: Cloud project name + ignore_above: 1024 +- name: cloud.provider + level: extended + type: keyword + description: Cloud provider name + ignore_above: 1024 +- name: cloud.region + level: extended + type: keyword + description: Cloud region name + ignore_above: 1024 +- name: container.id + type: keyword + description: | + Unique container id. +- name: destination.address + level: extended + type: keyword + description: Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. 
You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. + ignore_above: 1024 +- name: destination.ip + level: core + type: ip + description: IP addess of the destination. Can be one of multiple IPv4 or IPv6 addresses. +- name: destination.port + level: core + type: long + format: string + description: Port of the destination. +- name: event.outcome + level: core + type: keyword + description: | + `event.outcome` simply denotes whether the event represents a success or a failure from the perspective of the entity that produced the event. + ignore_above: 1024 +- name: host.architecture + type: keyword + description: | + The architecture of the host the event was recorded on. +- name: host.hostname + type: keyword + description: | + The hostname of the host the event was recorded on. +- name: host.ip + type: ip + description: | + IP of the host that records the event. +- name: host.name + type: keyword + description: | + Name of the host the event was recorded on. It can contain same information as host.hostname or a name specified by the user. +- name: host.os.platform + type: keyword + description: | + The platform of the host the event was recorded on. +- name: labels + type: object + description: | + A flat mapping of user-defined labels with string, boolean or number values. +- name: observer.hostname + type: keyword + description: | + Hostname of the APM Server. +- name: observer.type + type: keyword + description: | + The type will be set to `apm-server`. +- name: observer.version + type: keyword + description: | + APM Server version. +- name: process.args + level: extended + type: keyword + description: | + Process arguments. May be filtered to protect sensitive information. +- name: process.pid + type: long + description: | + Numeric process ID of the service process. +- name: process.ppid + type: long + description: | + Numeric ID of the service's parent process. 
+- name: process.title + type: keyword + description: | + Service process title. +- name: service.name + type: keyword + description: | + Immutable name of the service emitting this event. +- name: service.node.name + type: keyword + description: | + Unique meaningful name of the service node. +- name: service.version + type: keyword + description: | + Version of the service emitting this event. +- name: source.ip + type: ip + description: | + IP address of the source of a recorded event. This is typically obtained from a request's X-Forwarded-For or the X-Real-IP header or falls back to a given configuration for remote address. +- name: transaction.id + type: keyword + description: | + The transaction ID. +- name: user.email + type: keyword + description: | + Email of the logged in user. +- name: user.id + type: keyword + description: | + Identifier of the logged in user. +- name: user.name + type: keyword + description: | + The username of the logged in user. +- name: user_agent.device.name + type: keyword + description: | + Name of the device. +- name: user_agent.name + type: keyword + description: | + Name of the user agent. +- name: user_agent.original + type: keyword + description: | + Unparsed version of the user_agent. + multi_fields: + - name: text + type: text +- name: user_agent.os.family + type: keyword + description: | + OS family (such as redhat, debian, freebsd, windows). +- name: user_agent.os.full + type: keyword + description: | + Operating system name, including the version or code name. +- name: user_agent.os.kernel + type: keyword + description: | + Operating system kernel version as a raw string. +- name: user_agent.os.name + type: keyword + description: | + Operating system name, without the version. +- name: user_agent.os.platform + type: keyword + description: | + Operating system platform (such centos, ubuntu, windows). +- name: user_agent.os.version + type: keyword + description: | + Operating system version as a raw string. 
+- name: user_agent.version + type: keyword + description: | + Version of the user agent. diff --git a/packages/apm/0.1.0-dev.1/data_stream/internal_metrics/fields/fields.yml b/packages/apm/0.1.0-dev.1/data_stream/internal_metrics/fields/fields.yml new file mode 100644 index 0000000000..3ba8fa55ea --- /dev/null +++ b/packages/apm/0.1.0-dev.1/data_stream/internal_metrics/fields/fields.yml 
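Review bot: only the `cloud.*`, `destination.address` and `event.outcome` entries in internal_metrics/fields/ecs.yml carry `ignore_above: 1024`; keyword fields that hold free-form strings from the monitored service or its clients, such as `user_agent.original`, `process.args`, `user.email` and `host.hostname`, have no length bound. Unless the server truncates these values before indexing (not visible in this diff), an oversized string is indexed as a single term. I would add `ignore_above: 1024` to those entries so they match the `cloud.*` ones. profile_metrics/fields/ecs.yml repeats the same list.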
@@ -0,0 +1,154 @@ +- name: experimental + type: object + description: Additional experimental data sent by the agents. +- name: kubernetes.namespace + type: keyword + description: | + Kubernetes namespace +- name: kubernetes.node.name + type: keyword + description: | + Kubernetes node name +- name: kubernetes.pod.name + type: keyword + description: | + Kubernetes pod name +- name: kubernetes.pod.uid + type: keyword + description: | + Kubernetes Pod UID +- name: metricset.period + type: long +- name: observer.listening + type: keyword + description: | + Address the server is listening on. +- name: observer.version_major + type: byte + description: | + Major version number of the observer +- name: processor.event + type: keyword + description: Processor event. +- name: processor.name + type: keyword + description: Processor name. +- name: service.environment + type: keyword + description: | + Service environment. +- name: service.framework.name + type: keyword + description: | + Name of the framework used. +- name: service.framework.version + type: keyword + description: | + Version of the framework used. +- name: service.language.name + type: keyword + description: | + Name of the programming language used. +- name: service.language.version + type: keyword + description: | + Version of the programming language used. +- name: service.runtime.name + type: keyword + description: | + Name of the runtime used. +- name: service.runtime.version + type: keyword + description: | + Version of the runtime used. +- name: span.destination.service.response_time.count + type: long +- name: span.destination.service.response_time.sum.us + type: long +- name: span.self_time.count + type: long +- name: span.self_time.sum.us + type: long +- name: span.subtype + type: keyword + description: | + A further sub-division of the type (e.g. 
postgresql, elasticsearch) +- name: span.type + type: keyword + description: | + Keyword of specific relevance in the service's domain (eg: 'db.postgresql.query', 'template.erb', 'cache', etc). +- name: system.cpu.total.norm.pct + type: scaled_float + format: percent + description: | + The percentage of CPU time spent by the process since the last event. This value is normalized by the number of CPU cores and it ranges from 0 to 100%. +- name: system.memory.actual.free + type: long + format: bytes + description: | + Actual free memory in bytes. It is calculated based on the OS. On Linux it consists of the free memory plus caches and buffers. On OSX it is a sum of free memory and the inactive memory. On Windows, it is equal to `system.memory.free`. +- name: system.memory.total + type: long + format: bytes + description: | + Total memory. +- name: system.process.cgroup.memory.mem.limit.bytes + type: long + format: bytes + description: Memory limit for the current cgroup slice. +- name: system.process.cgroup.memory.mem.usage.bytes + type: long + format: bytes + description: Memory usage by the current cgroup slice. +- name: system.process.cpu.total.norm.pct + type: scaled_float + format: percent + description: | + The percentage of CPU time spent by the process since the last event. This value is normalized by the number of CPU cores and it ranges from 0 to 100%. +- name: system.process.memory.rss.bytes + type: long + format: bytes + description: | + The Resident Set Size. The amount of memory the process occupied in main memory (RAM). +- name: system.process.memory.size + type: long + format: bytes + description: | + The total virtual memory the process has. +- name: timestamp.us + type: long + description: | + Timestamp of the event in microseconds since Unix epoch. 
+- name: transaction.breakdown.count + type: long +- name: transaction.duration.count + type: long +- name: transaction.duration.histogram + type: histogram + description: | + Pre-aggregated histogram of transaction durations. +- name: transaction.duration.sum.us + type: long +- name: transaction.name + type: keyword + description: | + Generic designation of a transaction in the scope of a single service (eg. 'GET /users/:id'). + multi_fields: + - name: text + type: text +- name: transaction.root + type: boolean + description: | + Identifies metrics for root transactions. This can be used for calculating metrics for traces. +- name: transaction.sampled + type: boolean + description: | + Transactions that are 'sampled' will include all available information. Transactions that are not sampled will not have spans or context. +- name: transaction.self_time.count + type: long +- name: transaction.self_time.sum.us + type: long +- name: transaction.type + type: keyword + description: | + Keyword of specific relevance in the service's domain (eg. 'request', 'backgroundjob', etc) diff --git a/packages/apm/0.1.0-dev.1/data_stream/internal_metrics/manifest.yml b/packages/apm/0.1.0-dev.1/data_stream/internal_metrics/manifest.yml new file mode 100644 index 0000000000..6fb4ec958c --- /dev/null +++ b/packages/apm/0.1.0-dev.1/data_stream/internal_metrics/manifest.yml @@ -0,0 +1,3 @@ +title: APM internal metrics +type: metrics +dataset: apm.internal diff --git a/packages/apm/0.1.0-dev.1/data_stream/profile_metrics/elasticsearch/ingest_pipeline/apm_ingest_timestamp.json b/packages/apm/0.1.0-dev.1/data_stream/profile_metrics/elasticsearch/ingest_pipeline/apm_ingest_timestamp.json new file mode 100644 index 0000000000..3d68a9bb5c --- /dev/null +++ b/packages/apm/0.1.0-dev.1/data_stream/profile_metrics/elasticsearch/ingest_pipeline/apm_ingest_timestamp.json 
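Review bot: `system.cpu.total.norm.pct` in internal_metrics/fields/fields.yml has the same description as `system.process.cpu.total.norm.pct` ("The percentage of CPU time spent by the process since the last event"), which reads as a copy-paste; going by the field name it presumably reports system-wide CPU, and the text should say so. Several counters in the same file (`metricset.period`, `span.self_time.count`, `transaction.duration.sum.us` and others) have no description at all. A one-line description that states the unit would help, e.g. `description: Sum of transaction durations, in microseconds.` for `transaction.duration.sum.us`, assuming `.us` means microseconds as it does for `timestamp.us`.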
@@ -0,0 +1,12 @@
+{
+ "description": "Add an ingest timestamp for APM events",
+ "processors": [
+ {
+ "set": {
+ "field": "event.ingested",
+ "if": "ctx.processor?.event != 'span'",
+ "value": "{{_ingest.timestamp}}"
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/packages/apm/0.1.0-dev.1/data_stream/profile_metrics/elasticsearch/ingest_pipeline/apm_remove_span_metadata.json b/packages/apm/0.1.0-dev.1/data_stream/profile_metrics/elasticsearch/ingest_pipeline/apm_remove_span_metadata.json
new file mode 100644
index 0000000000..ad095d62ac
--- /dev/null
+++ b/packages/apm/0.1.0-dev.1/data_stream/profile_metrics/elasticsearch/ingest_pipeline/apm_remove_span_metadata.json
@@ -0,0 +1,25 @@
+{
+ "description": "Removes metadata fields available already on the parent transaction, to save storage",
+ "processors": [
+ {
+ "remove": {
+ "field": [
+ "host",
+ "process",
+ "user",
+ "user_agent",
+ "container",
+ "kubernetes",
+ "service.node",
+ "service.version",
+ "service.language",
+ "service.runtime",
+ "service.framework"
+ ],
+ "if": "ctx.processor?.event == 'span'",
+ "ignore_failure": true,
+ "ignore_missing": true
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/packages/apm/0.1.0-dev.1/data_stream/profile_metrics/elasticsearch/ingest_pipeline/apm_user_agent.json b/packages/apm/0.1.0-dev.1/data_stream/profile_metrics/elasticsearch/ingest_pipeline/apm_user_agent.json
new file mode 100644
index 0000000000..b5810f590d
--- /dev/null
+++ b/packages/apm/0.1.0-dev.1/data_stream/profile_metrics/elasticsearch/ingest_pipeline/apm_user_agent.json
@@ -0,0 +1,13 @@
+{
+ "description": "Add user agent information for APM events",
+ "processors": [
+ {
+ "user_agent": {
+ "field": "user_agent.original",
+ "ignore_failure": true,
+ "ignore_missing": true,
+ "target_field": "user_agent"
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/packages/apm/0.1.0-dev.1/data_stream/profile_metrics/elasticsearch/ingest_pipeline/apm_user_geo.json b/packages/apm/0.1.0-dev.1/data_stream/profile_metrics/elasticsearch/ingest_pipeline/apm_user_geo.json
new file mode 100644
index 0000000000..05ecc7ddcc
--- /dev/null
+++ b/packages/apm/0.1.0-dev.1/data_stream/profile_metrics/elasticsearch/ingest_pipeline/apm_user_geo.json
@@ -0,0 +1,22 @@
+{
+ "description": "Add user geo information for APM events",
+ "processors": [
+ {
+ "geoip": {
+ "database_file": "GeoLite2-City.mmdb",
+ "field": "client.ip",
+ "ignore_missing": true,
+ "on_failure": [
+ {
+ "remove": {
+ "field": "client.ip",
+ "ignore_failure": true,
+ "ignore_missing": true
+ }
+ }
+ ],
+ "target_field": "client.geo"
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/packages/apm/0.1.0-dev.1/data_stream/profile_metrics/elasticsearch/ingest_pipeline/default.json b/packages/apm/0.1.0-dev.1/data_stream/profile_metrics/elasticsearch/ingest_pipeline/default.json
new file mode 100644
index 0000000000..77745a05fe
--- /dev/null
+++ b/packages/apm/0.1.0-dev.1/data_stream/profile_metrics/elasticsearch/ingest_pipeline/default.json
@@ -0,0 +1,25 @@
+{
+ "description": "Default enrichment for APM events",
+ "processors": [
+ {
+ "pipeline": {
+ "name": "metrics-apm.profiling-0.1.0-dev.1-apm_user_agent"
+ }
+ },
+ {
+ "pipeline": {
+ "name": "metrics-apm.profiling-0.1.0-dev.1-apm_user_geo"
+ }
+ },
+ {
+ "pipeline": {
+ "name": "metrics-apm.profiling-0.1.0-dev.1-apm_ingest_timestamp"
+ }
+ },
+ {
+ "pipeline": {
+ "name": "metrics-apm.profiling-0.1.0-dev.1-apm_remove_span_metadata"
+ }
+ }
+ ]
+}
diff --git a/packages/apm/0.1.0-dev.1/data_stream/profile_metrics/fields/base-fields.yml b/packages/apm/0.1.0-dev.1/data_stream/profile_metrics/fields/base-fields.yml
new file mode 100644
index 0000000000..bef973826b
--- /dev/null
+++ b/packages/apm/0.1.0-dev.1/data_stream/profile_metrics/fields/base-fields.yml
@@ -0,0 +1,12 @@ +- name: '@timestamp' + type: date + description: Event timestamp. +- name: data_stream.type + type: constant_keyword + description: Data stream type. +- name: data_stream.dataset + type: constant_keyword + description: Data stream dataset. +- name: data_stream.namespace + type: constant_keyword + description: Data stream namespace. diff --git a/packages/apm/0.1.0-dev.1/data_stream/profile_metrics/fields/ecs.yml b/packages/apm/0.1.0-dev.1/data_stream/profile_metrics/fields/ecs.yml new file mode 100644 index 0000000000..79b4403495 --- /dev/null +++ b/packages/apm/0.1.0-dev.1/data_stream/profile_metrics/fields/ecs.yml 
@@ -0,0 +1,208 @@ +- name: agent.ephemeral_id + type: keyword + description: | + The Ephemeral ID identifies a running process. +- name: agent.name + type: keyword + description: | + Name of the agent used. +- name: agent.version + type: keyword + description: | + Version of the agent used. +- name: client.ip + type: ip + description: | + IP address of the client of a recorded event. This is typically obtained from a request's X-Forwarded-For or the X-Real-IP header or falls back to a given configuration for remote address. +- name: cloud.account.id + level: extended + type: keyword + description: Cloud account ID + ignore_above: 1024 +- name: cloud.account.name + level: extended + type: keyword + description: Cloud account name + ignore_above: 1024 +- name: cloud.availability_zone + level: extended + type: keyword + description: Cloud availability zone name + ignore_above: 1024 +- name: cloud.instance.id + level: extended + type: keyword + description: Cloud instance/machine ID + ignore_above: 1024 +- name: cloud.instance.name + level: extended + type: keyword + description: Cloud instance/machine name + ignore_above: 1024 +- name: cloud.machine.type + level: extended + type: keyword + description: Cloud instance/machine type + ignore_above: 1024 +- name: cloud.project.id + level: extended + type: keyword + description: Cloud project ID + ignore_above: 1024 +- name: cloud.project.name + level: extended + type: keyword + description: Cloud project name + ignore_above: 1024 +- name: cloud.provider + level: extended + type: keyword + description: Cloud provider name + ignore_above: 1024 +- name: cloud.region + level: extended + type: keyword + description: Cloud region name + ignore_above: 1024 +- name: container.id + type: keyword + description: | + Unique container id. +- name: destination.address + level: extended + type: keyword + description: Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. 
You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. + ignore_above: 1024 +- name: destination.ip + level: core + type: ip + description: IP addess of the destination. Can be one of multiple IPv4 or IPv6 addresses. +- name: destination.port + level: core + type: long + format: string + description: Port of the destination. +- name: host.architecture + type: keyword + description: | + The architecture of the host the event was recorded on. +- name: host.hostname + type: keyword + description: | + The hostname of the host the event was recorded on. +- name: host.ip + type: ip + description: | + IP of the host that records the event. +- name: host.name + type: keyword + description: | + Name of the host the event was recorded on. It can contain same information as host.hostname or a name specified by the user. +- name: host.os.platform + type: keyword + description: | + The platform of the host the event was recorded on. +- name: labels + type: object + description: | + A flat mapping of user-defined labels with string, boolean or number values. +- name: observer.hostname + type: keyword + description: | + Hostname of the APM Server. +- name: observer.type + type: keyword + description: | + The type will be set to `apm-server`. +- name: observer.version + type: keyword + description: | + APM Server version. +- name: process.args + level: extended + type: keyword + description: | + Process arguments. May be filtered to protect sensitive information. +- name: process.pid + type: long + description: | + Numeric process ID of the service process. +- name: process.ppid + type: long + description: | + Numeric ID of the service's parent process. +- name: process.title + type: keyword + description: | + Service process title. +- name: service.name + type: keyword + description: | + Immutable name of the service emitting this event. 
+- name: service.node.name + type: keyword + description: | + Unique meaningful name of the service node. +- name: service.version + type: keyword + description: | + Version of the service emitting this event. +- name: source.ip + type: ip + description: | + IP address of the source of a recorded event. This is typically obtained from a request's X-Forwarded-For or the X-Real-IP header or falls back to a given configuration for remote address. +- name: user.email + type: keyword + description: | + Email of the logged in user. +- name: user.id + type: keyword + description: | + Identifier of the logged in user. +- name: user.name + type: keyword + description: | + The username of the logged in user. +- name: user_agent.device.name + type: keyword + description: | + Name of the device. +- name: user_agent.name + type: keyword + description: | + Name of the user agent. +- name: user_agent.original + type: keyword + description: | + Unparsed version of the user_agent. + multi_fields: + - name: text + type: text +- name: user_agent.os.family + type: keyword + description: | + OS family (such as redhat, debian, freebsd, windows). +- name: user_agent.os.full + type: keyword + description: | + Operating system name, including the version or code name. +- name: user_agent.os.kernel + type: keyword + description: | + Operating system kernel version as a raw string. +- name: user_agent.os.name + type: keyword + description: | + Operating system name, without the version. +- name: user_agent.os.platform + type: keyword + description: | + Operating system platform (such centos, ubuntu, windows). +- name: user_agent.os.version + type: keyword + description: | + Operating system version as a raw string. +- name: user_agent.version + type: keyword + description: | + Version of the user agent. 
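Review bot: the descriptions of `client.ip` and `source.ip` in profile_metrics/fields/ecs.yml say the value is typically taken from a request's X-Forwarded-For or X-Real-IP header, but not that these headers are set by the caller unless a trusted proxy overwrites them. Since apm_user_geo.json derives `client.geo` from `client.ip`, the geo fields inherit the same trust level, which matters to anyone building alerts on them. I would extend both descriptions with a sentence such as `The header value is client-supplied unless a trusted proxy sets it; do not treat it as an authenticated address.` The same wording appears in internal_metrics/fields/ecs.yml.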
diff --git a/packages/apm/0.1.0-dev.1/data_stream/profile_metrics/fields/fields.yml b/packages/apm/0.1.0-dev.1/data_stream/profile_metrics/fields/fields.yml new file mode 100644 index 0000000000..e669335477 --- /dev/null +++ b/packages/apm/0.1.0-dev.1/data_stream/profile_metrics/fields/fields.yml 
@@ -0,0 +1,129 @@ +- name: experimental + type: object + description: Additional experimental data sent by the agents. +- name: kubernetes.namespace + type: keyword + description: | + Kubernetes namespace +- name: kubernetes.node.name + type: keyword + description: | + Kubernetes node name +- name: kubernetes.pod.name + type: keyword + description: | + Kubernetes pod name +- name: kubernetes.pod.uid + type: keyword + description: | + Kubernetes Pod UID +- name: observer.listening + type: keyword + description: | + Address the server is listening on. +- name: observer.version_major + type: byte + description: | + Major version number of the observer +- name: processor.event + type: keyword + description: Processor event. +- name: processor.name + type: keyword + description: Processor name. +- name: profile.alloc_objects.count + type: long + description: | + Number of objects allocated since the process started. +- name: profile.alloc_space.bytes + type: long + description: | + Amount of memory allocated, in bytes, since the process started. +- name: profile.cpu.ns + type: long + description: | + Amount of CPU time profiled, in nanoseconds. +- name: profile.duration + type: long + description: | + Duration of the profile, in microseconds. All samples within a profile will have the same duration. To aggregate durations, you should first group by the profile ID. +- name: profile.id + type: keyword + description: | + Unique ID for the profile. All samples within a profile will have the same profile ID. +- name: profile.inuse_objects.count + type: long + description: | + Number of objects allocated and currently in use. +- name: profile.inuse_space.bytes + type: long + description: | + Amount of memory allocated, in bytes, and currently in use. +- name: profile.samples.count + type: long + description: | + Number of profile samples for the profiling period. +- name: profile.stack.filename + type: keyword + description: | + Source code filename for a stack frame. 
+- name: profile.stack.function + type: keyword + description: | + Function name for a stack frame. +- name: profile.stack.id + type: keyword + description: | + Unique ID for a stack frame in the context of its callers. +- name: profile.stack.line + type: long + description: | + Source code line number for a stack frame. +- name: profile.top.filename + type: keyword + description: | + Source code filename for the top stack frame. +- name: profile.top.function + type: keyword + description: | + Function name for the top stack frame. +- name: profile.top.id + type: keyword + description: | + Unique ID for the top stack frame in the context of its callers. +- name: profile.top.line + type: long + description: | + Source code line number for the top stack frame. +- name: service.environment + type: keyword + description: | + Service environment. +- name: service.framework.name + type: keyword + description: | + Name of the framework used. +- name: service.framework.version + type: keyword + description: | + Version of the framework used. +- name: service.language.name + type: keyword + description: | + Name of the programming language used. +- name: service.language.version + type: keyword + description: | + Version of the programming language used. +- name: service.runtime.name + type: keyword + description: | + Name of the runtime used. +- name: service.runtime.version + type: keyword + description: | + Version of the runtime used. +- name: timestamp.us + type: long + description: | + Timestamp of the event in microseconds since Unix epoch. diff --git a/packages/apm/0.1.0-dev.1/data_stream/profile_metrics/manifest.yml b/packages/apm/0.1.0-dev.1/data_stream/profile_metrics/manifest.yml new file mode 100644 index 0000000000..8452356da9 --- /dev/null +++ b/packages/apm/0.1.0-dev.1/data_stream/profile_metrics/manifest.yml @@ -0,0 +1,3 @@ +title: APM profiles +type: metrics +dataset: apm.profiling 
diff --git a/packages/apm/0.1.0-dev.1/data_stream/traces/elasticsearch/ingest_pipeline/apm_ingest_timestamp.json b/packages/apm/0.1.0-dev.1/data_stream/traces/elasticsearch/ingest_pipeline/apm_ingest_timestamp.json
new file mode 100644
index 0000000000..3d68a9bb5c
--- /dev/null
+++ b/packages/apm/0.1.0-dev.1/data_stream/traces/elasticsearch/ingest_pipeline/apm_ingest_timestamp.json
@@ -0,0 +1,12 @@
+{
+ "description": "Add an ingest timestamp for APM events",
+ "processors": [
+ {
+ "set": {
+ "field": "event.ingested",
+ "if": "ctx.processor?.event != 'span'",
+ "value": "{{_ingest.timestamp}}"
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/packages/apm/0.1.0-dev.1/data_stream/traces/elasticsearch/ingest_pipeline/apm_remove_span_metadata.json b/packages/apm/0.1.0-dev.1/data_stream/traces/elasticsearch/ingest_pipeline/apm_remove_span_metadata.json
new file mode 100644
index 0000000000..ad095d62ac
--- /dev/null
+++ b/packages/apm/0.1.0-dev.1/data_stream/traces/elasticsearch/ingest_pipeline/apm_remove_span_metadata.json
@@ -0,0 +1,25 @@
+{
+ "description": "Removes metadata fields available already on the parent transaction, to save storage",
+ "processors": [
+ {
+ "remove": {
+ "field": [
+ "host",
+ "process",
+ "user",
+ "user_agent",
+ "container",
+ "kubernetes",
+ "service.node",
+ "service.version",
+ "service.language",
+ "service.runtime",
+ "service.framework"
+ ],
+ "if": "ctx.processor?.event == 'span'",
+ "ignore_failure": true,
+ "ignore_missing": true
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/packages/apm/0.1.0-dev.1/data_stream/traces/elasticsearch/ingest_pipeline/apm_user_agent.json b/packages/apm/0.1.0-dev.1/data_stream/traces/elasticsearch/ingest_pipeline/apm_user_agent.json
new file mode 100644
index 0000000000..b5810f590d
--- /dev/null
+++ b/packages/apm/0.1.0-dev.1/data_stream/traces/elasticsearch/ingest_pipeline/apm_user_agent.json
@@ -0,0 +1,13 @@
+{
+ "description": "Add user agent information for APM events",
+ "processors": [
+ {
+ "user_agent": {
+ "field": "user_agent.original",
+ "ignore_failure": true,
+ "ignore_missing": true,
+ "target_field": "user_agent"
+ }
+ }
+ ]
+} \ No newline at end of file
diff --git a/packages/apm/0.1.0-dev.1/data_stream/traces/elasticsearch/ingest_pipeline/apm_user_geo.json b/packages/apm/0.1.0-dev.1/data_stream/traces/elasticsearch/ingest_pipeline/apm_user_geo.json new file mode 100644
index 0000000000..05ecc7ddcc
--- /dev/null
+++ b/packages/apm/0.1.0-dev.1/data_stream/traces/elasticsearch/ingest_pipeline/apm_user_geo.json
@@ -0,0 +1,22 @@
+{
+ "description": "Add user geo information for APM events",
+ "processors": [
+ {
+ "geoip": {
+ "database_file": "GeoLite2-City.mmdb",
+ "field": "client.ip",
+ "ignore_missing": true,
+ "on_failure": [
+ {
+ "remove": {
+ "field": "client.ip",
+ "ignore_failure": true,
+ "ignore_missing": true
+ }
+ }
+ ],
+ "target_field": "client.geo"
+ }
+ }
+ ]
+} \ No newline at end of file
diff --git a/packages/apm/0.1.0-dev.1/data_stream/traces/elasticsearch/ingest_pipeline/default.json b/packages/apm/0.1.0-dev.1/data_stream/traces/elasticsearch/ingest_pipeline/default.json new file mode 100644
index 0000000000..d8ef47016f
--- /dev/null
+++ b/packages/apm/0.1.0-dev.1/data_stream/traces/elasticsearch/ingest_pipeline/default.json
@@ -0,0 +1,25 @@
+{
+ "description": "Default enrichment for APM events",
+ "processors": [
+ {
+ "pipeline": {
+ "name": "traces-apm-0.1.0-dev.1-apm_user_agent"
+ }
+ },
+ {
+ "pipeline": {
+ "name": "traces-apm-0.1.0-dev.1-apm_user_geo"
+ }
+ },
+ {
+ "pipeline": {
+ "name": "traces-apm-0.1.0-dev.1-apm_ingest_timestamp"
+ }
+ },
+ {
+ "pipeline": {
+ "name": "traces-apm-0.1.0-dev.1-apm_remove_span_metadata"
+ }
+ }
+ ]
+}
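Review bot: In apm_user_geo.json the `on_failure` handler of the `geoip` processor removes `client.ip` and records nothing, so an event whose address the processor failed on is indexed with no sign that an address was ever present. The ecs.yml added in this commit documents `client.ip` as typically taken from X-Forwarded-For or X-Real-IP, which the sender controls unless a trusted proxy sets them, so the dropped value is one an investigator would want to know about. I would add a second `on_failure` entry that marks the event, e.g. `{ "append": { "field": "tags", "value": "client_ip_removed" } }` (the tag name is a placeholder). The app_metrics copy of this pipeline earlier in the commit is identical.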
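Review bot: In default.json the `apm_remove_span_metadata` pipeline is listed last, after `apm_user_agent` has already parsed `user_agent.original` into `user_agent`, and `user_agent` is one of the fields that pipeline removes from spans. For span documents the parse is wasted work on a sender-supplied string. Listing `{ "pipeline": { "name": "traces-apm-0.1.0-dev.1-apm_remove_span_metadata" } }` as the first processor should store the same document, because `apm_user_agent` sets `ignore_missing`.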
diff --git a/packages/apm/0.1.0-dev.1/data_stream/traces/fields/base-fields.yml b/packages/apm/0.1.0-dev.1/data_stream/traces/fields/base-fields.yml new file mode 100644
index 0000000000..bef973826b
--- /dev/null
+++ b/packages/apm/0.1.0-dev.1/data_stream/traces/fields/base-fields.yml
@@ -0,0 +1,12 @@
+- name: '@timestamp'
+ type: date
+ description: Event timestamp.
+- name: data_stream.type
+ type: constant_keyword
+ description: Data stream type.
+- name: data_stream.dataset
+ type: constant_keyword
+ description: Data stream dataset.
+- name: data_stream.namespace
+ type: constant_keyword
+ description: Data stream namespace.
diff --git a/packages/apm/0.1.0-dev.1/data_stream/traces/fields/ecs.yml b/packages/apm/0.1.0-dev.1/data_stream/traces/fields/ecs.yml new file mode 100644
index 0000000000..534743b298
--- /dev/null
+++ b/packages/apm/0.1.0-dev.1/data_stream/traces/fields/ecs.yml
@@ -0,0 +1,270 @@ +- name: agent.ephemeral_id + type: keyword + description: | + The Ephemeral ID identifies a running process. +- name: agent.name + type: keyword + description: | + Name of the agent used. +- name: agent.version + type: keyword + description: | + Version of the agent used. +- name: client.ip + type: ip + description: | + IP address of the client of a recorded event. This is typically obtained from a request's X-Forwarded-For or the X-Real-IP header or falls back to a given configuration for remote address. +- name: cloud.account.id + level: extended + type: keyword + description: Cloud account ID + ignore_above: 1024 +- name: cloud.account.name + level: extended + type: keyword + description: Cloud account name + ignore_above: 1024 +- name: cloud.availability_zone + level: extended + type: keyword + description: Cloud availability zone name + ignore_above: 1024 +- name: cloud.instance.id + level: extended + type: keyword + description: Cloud instance/machine ID + ignore_above: 1024 +- name: cloud.instance.name + level: extended + type: keyword + description: Cloud instance/machine name + ignore_above: 1024 +- name: cloud.machine.type + level: extended + type: keyword + description: Cloud instance/machine type + ignore_above: 1024 +- name: cloud.project.id + level: extended + type: keyword + description: Cloud project ID + ignore_above: 1024 +- name: cloud.project.name + level: extended + type: keyword + description: Cloud project name + ignore_above: 1024 +- name: cloud.provider + level: extended + type: keyword + description: Cloud provider name + ignore_above: 1024 +- name: cloud.region + level: extended + type: keyword + description: Cloud region name + ignore_above: 1024 +- name: container.id + type: keyword + description: | + Unique container id. +- name: destination.address + level: extended + type: keyword + description: Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. 
You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. + ignore_above: 1024 +- name: destination.ip + level: core + type: ip + description: IP addess of the destination. Can be one of multiple IPv4 or IPv6 addresses. +- name: destination.port + level: core + type: long + format: string + description: Port of the destination. +- name: event.outcome + level: core + type: keyword + description: | + `event.outcome` simply denotes whether the event represents a success or a failure from the perspective of the entity that produced the event. + ignore_above: 1024 +- name: host.architecture + type: keyword + description: | + The architecture of the host the event was recorded on. +- name: host.hostname + type: keyword + description: | + The hostname of the host the event was recorded on. +- name: host.ip + type: ip + description: | + IP of the host that records the event. +- name: host.name + type: keyword + description: | + Name of the host the event was recorded on. It can contain same information as host.hostname or a name specified by the user. +- name: host.os.platform + type: keyword + description: | + The platform of the host the event was recorded on. +- name: http.request.method + type: keyword + description: | + The http method of the request leading to this event. +- name: http.request.referrer + type: keyword + description: Referrer for this HTTP request. + ignore_above: 1024 +- name: http.response.status_code + type: long + description: | + The status code of the HTTP response. +- name: http.version + type: keyword + description: | + The http version of the request leading to this event. +- name: labels + type: object + description: | + A flat mapping of user-defined labels with string, boolean or number values. +- name: observer.hostname + type: keyword + description: | + Hostname of the APM Server. 
+- name: observer.type + type: keyword + description: | + The type will be set to `apm-server`. +- name: observer.version + type: keyword + description: | + APM Server version. +- name: process.args + level: extended + type: keyword + description: | + Process arguments. May be filtered to protect sensitive information. +- name: process.pid + type: long + description: | + Numeric process ID of the service process. +- name: process.ppid + type: long + description: | + Numeric ID of the service's parent process. +- name: process.title + type: keyword + description: | + Service process title. +- name: service.name + type: keyword + description: | + Immutable name of the service emitting this event. +- name: service.node.name + type: keyword + description: | + Unique meaningful name of the service node. +- name: service.version + type: keyword + description: | + Version of the service emitting this event. +- name: source.ip + type: ip + description: | + IP address of the source of a recorded event. This is typically obtained from a request's X-Forwarded-For or the X-Real-IP header or falls back to a given configuration for remote address. +- name: span.id + type: keyword + description: | + The ID of the span stored as hex encoded string. +- name: trace.id + type: keyword + description: | + The ID of the trace to which the event belongs to. +- name: transaction.id + type: keyword + description: | + The transaction ID. +- name: url.domain + type: keyword + description: | + The hostname of the request, e.g. "example.com". +- name: url.fragment + type: keyword + description: | + A fragment specifying a location in a web page , e.g. "top". +- name: url.full + type: keyword + description: | + The full, possibly agent-assembled URL of the request, e.g https://example.com:443/search?q=elasticsearch#top. +- name: url.path + type: keyword + description: | + The path of the request, e.g. "/search". +- name: url.port + type: long + description: | + The port of the request, e.g. 
443. +- name: url.query + type: keyword + description: | + The query string of the request, e.g. "q=elasticsearch". +- name: url.scheme + type: keyword + description: | + The protocol of the request, e.g. "https:". +- name: user.email + type: keyword + description: | + Email of the logged in user. +- name: user.id + type: keyword + description: | + Identifier of the logged in user. +- name: user.name + type: keyword + description: | + The username of the logged in user. +- name: user_agent.device.name + type: keyword + description: | + Name of the device. +- name: user_agent.name + type: keyword + description: | + Name of the user agent. +- name: user_agent.original + type: keyword + description: | + Unparsed version of the user_agent. + multi_fields: + - name: text + type: text +- name: user_agent.os.family + type: keyword + description: | + OS family (such as redhat, debian, freebsd, windows). +- name: user_agent.os.full + type: keyword + description: | + Operating system name, including the version or code name. +- name: user_agent.os.kernel + type: keyword + description: | + Operating system kernel version as a raw string. +- name: user_agent.os.name + type: keyword + description: | + Operating system name, without the version. +- name: user_agent.os.platform + type: keyword + description: | + Operating system platform (such centos, ubuntu, windows). +- name: user_agent.os.version + type: keyword + description: | + Operating system version as a raw string. +- name: user_agent.version + type: keyword + description: | + Version of the user agent. diff --git a/packages/apm/0.1.0-dev.1/data_stream/traces/fields/fields.yml b/packages/apm/0.1.0-dev.1/data_stream/traces/fields/fields.yml new file mode 100644 index 0000000000..0cda55db1e --- /dev/null +++ b/packages/apm/0.1.0-dev.1/data_stream/traces/fields/fields.yml 
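Review bot: The descriptions of `client.ip` and `source.ip` in ecs.yml say the value is typically read from X-Forwarded-For or X-Real-IP, but not that these headers are set by the sender unless a trusted proxy overwrites them. Anyone building an alert, allow-list or geo rule on these fields needs that caveat. I would add a sentence to both descriptions, e.g. `Header-derived values are only as trustworthy as the proxy that sets them.` Separately, the `destination.ip` description has the typo `IP addess`.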
@@ -0,0 +1,216 @@ +- name: child.id + type: keyword + description: | + The ID(s)s of the child event(s). +- name: experimental + type: object + description: Additional experimental data sent by the agents. +- name: http.request.headers + type: object + description: | + The canonical headers of the monitored HTTP request. +- name: http.response.finished + type: boolean + description: | + Used by the Node agent to indicate when in the response life cycle an error has occurred. +- name: http.response.headers + type: object + description: | + The canonical headers of the monitored HTTP response. +- name: kubernetes.namespace + type: keyword + description: | + Kubernetes namespace +- name: kubernetes.node.name + type: keyword + description: | + Kubernetes node name +- name: kubernetes.pod.name + type: keyword + description: | + Kubernetes pod name +- name: kubernetes.pod.uid + type: keyword + description: | + Kubernetes Pod UID +- name: observer.listening + type: keyword + description: | + Address the server is listening on. +- name: observer.version_major + type: byte + description: | + Major version number of the observer +- name: parent.id + type: keyword + description: | + The ID of the parent event. +- name: processor.event + type: keyword + description: Processor event. +- name: processor.name + type: keyword + description: Processor name. +- name: service.environment + type: keyword + description: | + Service environment. +- name: service.framework.name + type: keyword + description: | + Name of the framework used. +- name: service.framework.version + type: keyword + description: | + Version of the framework used. +- name: service.language.name + type: keyword + description: | + Name of the programming language used. +- name: service.language.version + type: keyword + description: | + Version of the programming language used. +- name: service.runtime.name + type: keyword + description: | + Name of the runtime used. 
+- name: service.runtime.version + type: keyword + description: | + Version of the runtime used. +- name: span.action + type: keyword + description: | + The specific kind of event within the sub-type represented by the span (e.g. query, connect) +- name: span.db.link + type: keyword + description: | + Database link. +- name: span.db.rows_affected + type: long + description: | + Number of rows affected by the database statement. +- name: span.destination.service.name + type: keyword + description: | + Identifier for the destination service (e.g. 'http://elastic.co', 'elasticsearch', 'rabbitmq') +- name: span.destination.service.resource + type: keyword + description: | + Identifier for the destination service resource being operated on (e.g. 'http://elastic.co:80', 'elasticsearch', 'rabbitmq/queue_name') +- name: span.destination.service.type + type: keyword + description: | + Type of the destination service (e.g. 'db', 'elasticsearch'). Should typically be the same as span.type. +- name: span.duration.us + type: long + description: | + Duration of the span, in microseconds. +- name: span.message.age.ms + type: long + description: | + Age of a message in milliseconds. +- name: span.message.queue.name + type: keyword + description: | + Name of the message queue or topic where the message is published or received. +- name: span.name + type: keyword + description: | + Generic designation of a span in the scope of a transaction. +- name: span.self_time.count + type: long +- name: span.self_time.sum.us + type: long +- name: span.start.us + type: long + description: | + Offset relative to the transaction's timestamp identifying the start of the span, in microseconds. +- name: span.subtype + type: keyword + description: | + A further sub-division of the type (e.g. postgresql, elasticsearch) +- name: span.sync + type: boolean + description: | + Indicates whether the span was executed synchronously or asynchronously. 
+- name: span.type + type: keyword + description: | + Keyword of specific relevance in the service's domain (eg: 'db.postgresql.query', 'template.erb', 'cache', etc). +- name: timestamp.us + type: long + description: | + Timestamp of the event in microseconds since Unix epoch. +- name: transaction.breakdown.count + type: long +- name: transaction.duration.count + type: long +- name: transaction.duration.sum.us + type: long +- name: transaction.duration.us + type: long + description: | + Total duration of this transaction, in microseconds. +- name: transaction.experience.cls + type: scaled_float + description: The Cumulative Layout Shift metric +- name: transaction.experience.fid + type: scaled_float + description: The First Input Delay metric +- name: transaction.experience.longtask.count + type: long + description: The total number of of longtasks +- name: transaction.experience.longtask.max + type: scaled_float + description: The max longtask duration +- name: transaction.experience.longtask.sum + type: scaled_float + description: The sum of longtask durations +- name: transaction.experience.tbt + type: scaled_float + description: The Total Blocking Time metric +- name: transaction.marks + type: object + description: | + A user-defined mapping of groups of marks in milliseconds. +- name: transaction.marks.*.* + type: object +- name: transaction.message.age.ms + type: long + description: | + Age of a message in milliseconds. +- name: transaction.message.queue.name + type: keyword + description: | + Name of the message queue or topic where the message is published or received. +- name: transaction.name + type: keyword + description: | + Generic designation of a transaction in the scope of a single service (eg. 'GET /users/:id'). + multi_fields: + - name: text + type: text +- name: transaction.result + type: keyword + description: | + The result of the transaction. HTTP status code for HTTP-related transactions. 
+- name: transaction.sampled + type: boolean + description: | + Transactions that are 'sampled' will include all available information. Transactions that are not sampled will not have spans or context. +- name: transaction.self_time.count + type: long +- name: transaction.self_time.sum.us + type: long +- name: transaction.span_count.dropped + type: long + description: The total amount of dropped spans for this transaction. +- name: transaction.type + type: keyword + description: | + Keyword of specific relevance in the service's domain (eg. 'request', 'backgroundjob', etc) +- name: view spans + type: keyword + format: url diff --git a/packages/apm/0.1.0-dev.1/data_stream/traces/manifest.yml b/packages/apm/0.1.0-dev.1/data_stream/traces/manifest.yml new file mode 100644 index 0000000000..d04968d09b --- /dev/null +++ b/packages/apm/0.1.0-dev.1/data_stream/traces/manifest.yml @@ -0,0 +1,3 @@ +title: APM traces +type: traces +dataset: apm diff --git a/packages/apm/0.1.0-dev.1/docs/README.md b/packages/apm/0.1.0-dev.1/docs/README.md new file mode 100644 index 0000000000..81ba46ece7 --- /dev/null +++ b/packages/apm/0.1.0-dev.1/docs/README.md 
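Review bot: In traces/fields/fields.yml, `http.request.headers` and `http.response.headers` are mapped as free-form `object` and described only as the canonical headers, which does not tell a reader whether `Authorization`, `Cookie` or `Set-Cookie` values are redacted before indexing. Whether the agents or APM Server sanitise them is not visible in this commit, so the descriptions should say it, e.g. `Sensitive headers are expected to be redacted before indexing; confirm the agent's sanitisation settings.` Also, the last entry `- name: view spans` has a space in its name, `format: url` and no description; it reads like a display helper rather than a document field and needs a description explaining what it is.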
@@ -0,0 +1,741 @@ +# APM Integration + +The APM integration installs templates and pipelines for APM data. +If a policy contains an `apm` input, any Elastic Agent(s) set up with that policy will run an APM Server binary, and bind to `localhost:8200`. +You must configure your APM Agents to communicate with that APM Server. + +If you have RUM enabled, you must run APM Server centrally. Otherwise, you can run it at the edge machines. +To do so, download and enroll an Elastic Agent in the same machines where your instrumented services run. + + +### Compatibility and limitations + +The APM integration requires Kibana 7.11 and Elasticsearch with basic license. +This version is experimental and has some limitations, listed bellow: + +- Elastic Cloud is not supported. +- Standalone mode is not supported. +- If you need to customize settings for APM Server, you need to update the agent policy manually. +Look for `apm-server` in the `apm` input. +- It is not possible to change APM Server settings dynamically. +You must update the policy with any changes you need and stop the APM Server process. + + +### Configuration parameters + +- `RUM`: Enables support for RUM monitoring. See the [documentation](https://www.elastic.co/guide/en/apm/server/current/configuration-rum.html) for details. + + +### Traces + +Traces are comprised of [spans and transactions](https://www.elastic.co/guide/en/apm/get-started/current/apm-data-model.html). +Traces are written to `traces-apm.*` indices. 
+ +**Exported Fields** + +| Field | Description | Type | ECS | +|---|---|---|:---:| +|@timestamp|Event timestamp.|date| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|data_stream.type|Data stream type.|constant_keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|data_stream.dataset|Data stream dataset.|constant_keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|data_stream.namespace|Data stream namespace.|constant_keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|agent.ephemeral_id|The Ephemeral ID identifies a running process.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|agent.name|Name of the agent used.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|agent.version|Version of the agent used.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|child.id|The ID(s)s of the child event(s).|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) | +|client.ip|IP address of the client of a recorded event. 
This is typically obtained from a request's X-Forwarded-For or the X-Real-IP header or falls back to a given configuration for remote address.|ip| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|cloud.account.id|Cloud account ID|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|cloud.account.name|Cloud account name|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|cloud.availability_zone|Cloud availability zone name|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|cloud.instance.id|Cloud instance/machine ID|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|cloud.instance.name|Cloud instance/machine name|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|cloud.machine.type|Cloud instance/machine type|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|cloud.project.id|Cloud project ID|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|cloud.project.name|Cloud project name|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|cloud.provider|Cloud provider name|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|cloud.region|Cloud region name|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|container.id|Unique container id.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|destination.address|Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|destination.ip|IP addess of the destination. 
Can be one of multiple IPv4 or IPv6 addresses.|ip| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|destination.port|Port of the destination.|long| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|event.outcome|`event.outcome` simply denotes whether the event represents a success or a failure from the perspective of the entity that produced the event.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|experimental|Additional experimental data sent by the agents.|object| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) | +|host.architecture|The architecture of the host the event was recorded on.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|host.hostname|The hostname of the host the event was recorded on.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|host.ip|IP of the host that records the event.|ip| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|host.name|Name of the host the event was recorded on. 
It can contain same information as host.hostname or a name specified by the user.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|host.os.platform|The platform of the host the event was recorded on.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|http.request.headers|The canonical headers of the monitored HTTP request.|object| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) | +|http.request.method|The http method of the request leading to this event.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|http.request.referrer|Referrer for this HTTP request.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|http.response.finished|Used by the Node agent to indicate when in the response life cycle an error has occurred.|boolean| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) | +|http.response.headers|The canonical headers of the monitored HTTP response.|object| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) | +|http.response.status_code|The status code of the HTTP response.|long| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|http.version|The http version of the request leading to this event.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|kubernetes.namespace|Kubernetes namespace|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) | +|kubernetes.node.name|Kubernetes node name|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) | +|kubernetes.pod.name|Kubernetes pod name|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) | +|kubernetes.pod.uid|Kubernetes Pod UID|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) | +|labels|A flat mapping of user-defined labels with string, boolean or number values.|object| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|observer.hostname|Hostname 
of the APM Server.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|observer.listening|Address the server is listening on.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) | +|observer.type|The type will be set to `apm-server`.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|observer.version|APM Server version.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|observer.version_major|Major version number of the observer|byte| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) | +|parent.id|The ID of the parent event.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) | +|process.args|Process arguments. May be filtered to protect sensitive information.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|process.pid|Numeric process ID of the service process.|long| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|process.ppid|Numeric ID of the service's parent process.|long| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|process.title|Service process title.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|processor.event|Processor event.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) | +|processor.name|Processor name.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) | +|service.environment|Service environment.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) | +|service.framework.name|Name of the framework used.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) | +|service.framework.version|Version of the framework used.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) | +|service.language.name|Name of the programming language used.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) | +|service.language.version|Version of 
the programming language used.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) | +|service.name|Immutable name of the service emitting this event.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|service.node.name|Unique meaningful name of the service node.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|service.runtime.name|Name of the runtime used.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) | +|service.runtime.version|Version of the runtime used.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) | +|service.version|Version of the service emitting this event.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|source.ip|IP address of the source of a recorded event. This is typically obtained from a request's X-Forwarded-For or the X-Real-IP header or falls back to a given configuration for remote address.|ip| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|span.action|The specific kind of event within the sub-type represented by the span (e.g. query, connect)|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) | +|span.db.link|Database link.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) | +|span.db.rows_affected|Number of rows affected by the database statement.|long| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) | +|span.destination.service.name|Identifier for the destination service (e.g. 'http://elastic.co', 'elasticsearch', 'rabbitmq')|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) | +|span.destination.service.resource|Identifier for the destination service resource being operated on (e.g. 'http://elastic.co:80', 'elasticsearch', 'rabbitmq/queue_name')|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) | +|span.destination.service.type|Type of the destination service (e.g. 
'db', 'elasticsearch'). Should typically be the same as span.type.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|span.duration.us|Duration of the span, in microseconds.|long| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|span.id|The ID of the span stored as hex encoded string.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|span.message.age.ms|Age of a message in milliseconds.|long| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|span.message.queue.name|Name of the message queue or topic where the message is published or received.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|span.name|Generic designation of a span in the scope of a transaction.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|span.self_time.count||long| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|span.self_time.sum.us||long| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|span.start.us|Offset relative to the transaction's timestamp identifying the start of the span, in microseconds.|long| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|span.subtype|A further sub-division of the type (e.g. postgresql, elasticsearch)|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|span.sync|Indicates whether the span was executed synchronously or asynchronously.|boolean| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|span.type|Keyword of specific relevance in the service's domain (eg: 'db.postgresql.query', 'template.erb', 'cache', etc).|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|timestamp.us|Timestamp of the event in microseconds since Unix epoch.|long| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|trace.id|The ID of the trace to which the event belongs to.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|transaction.breakdown.count||long| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|transaction.duration.count||long| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|transaction.duration.sum.us||long| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|transaction.duration.us|Total duration of this transaction, in microseconds.|long| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|transaction.experience.cls|The Cumulative Layout Shift metric|scaled_float| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|transaction.experience.fid|The First Input Delay metric|scaled_float| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|transaction.experience.longtask.count|The total number of of longtasks|long| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|transaction.experience.longtask.max|The max longtask duration|scaled_float| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|transaction.experience.longtask.sum|The sum of longtask durations|scaled_float| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|transaction.experience.tbt|The Total Blocking Time metric|scaled_float| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|transaction.id|The transaction ID.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|transaction.marks|A user-defined mapping of groups of marks in milliseconds.|object| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|transaction.marks.*.*||object| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|transaction.message.age.ms|Age of a message in milliseconds.|long| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|transaction.message.queue.name|Name of the message queue or topic where the message is published or received.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|transaction.name|Generic designation of a transaction in the scope of a single service (eg. 'GET /users/:id').|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|transaction.result|The result of the transaction. HTTP status code for HTTP-related transactions.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|transaction.sampled|Transactions that are 'sampled' will include all available information. Transactions that are not sampled will not have spans or context.|boolean| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|transaction.self_time.count||long| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|transaction.self_time.sum.us||long| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|transaction.span_count.dropped|The total amount of dropped spans for this transaction.|long| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|transaction.type|Keyword of specific relevance in the service's domain (eg. 'request', 'backgroundjob', etc)|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|url.domain|The hostname of the request, e.g. "example.com".|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|url.fragment|A fragment specifying a location in a web page , e.g. "top".|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|url.full|The full, possibly agent-assembled URL of the request, e.g https://example.com:443/search?q=elasticsearch#top.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|url.path|The path of the request, e.g. "/search".|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|url.port|The port of the request, e.g. 443.|long| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|url.query|The query string of the request, e.g. "q=elasticsearch".|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|url.scheme|The protocol of the request, e.g. "https:".|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|user.email|Email of the logged in user.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|user.id|Identifier of the logged in user.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|user.name|The username of the logged in user.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|user_agent.device.name|Name of the device.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|user_agent.name|Name of the user agent.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|user_agent.original|Unparsed version of the user_agent.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|user_agent.os.family|OS family (such as redhat, debian, freebsd, windows).|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|user_agent.os.full|Operating system name, including the version or code name.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|user_agent.os.kernel|Operating system kernel version as a raw string.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|user_agent.os.name|Operating system name, without the version.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|user_agent.os.platform|Operating system platform (such centos, ubuntu, windows).|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|user_agent.os.version|Operating system version as a raw string.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|user_agent.version|Version of the user agent.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|view spans||keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+
+
+#### Examples
+
+```json
+{
+ "@timestamp": "2017-05-30T18:53:42.281Z",
+ "agent": {
+ "name": "elastic-node",
+ "version": "3.14.0"
+ },
+ "container": {
+ "id": "container-id"
+ },
+ "ecs": {
+ "version": "1.6.0"
+ },
+ "event": {
+ "ingested": "2020-08-11T09:55:04.391451Z",
+ "outcome": "unknown"
+ },
+ "host": {
+ "architecture": "x64",
+ "ip": "127.0.0.1",
+ "os": {
+ "platform": "darwin"
+ }
+ },
+ "kubernetes": {
+ "namespace": "namespace1",
+ "pod": {
+ "name": "pod-name",
+ "uid": "pod-uid"
+ }
+ },
+ "observer": {
+ "ephemeral_id": "f78f6762-2157-4322-95aa-aecd2f486c1a",
+ "hostname": "ix.lan",
+ "id": "80b79979-4a7d-450d-b2ce-75c589f7fffd",
+ "type": "apm-server",
+ "version": "8.0.0",
+ "version_major": 8
+ },
+ "process": {
+ "args": [
+ "node",
+ "server.js"
+ ],
+ "pid": 1234,
+ "ppid": 6789,
+ "title": "node"
+ },
+ "processor": {
+ "event": "transaction",
+ "name": "transaction"
+ },
+ "service": {
+ "environment": "staging",
+ "framework": {
+ "name": "Express",
+ "version": "1.2.3"
+ },
+ "language": {
+ "name": "ecmascript",
+ "version": "8"
+ },
+ "name": "1234_service-12a3",
+ "node": {
+ "name": "container-id"
+ },
+ "runtime": {
+ "name": "node",
+ "version": "8.0.0"
+ },
+ "version": "5.1.3"
+ },
+ "timestamp": {
+ "us": 1496170422281000
+ },
+ "trace": {
+ "id": "85925e55b43f4340aaaaaaaaaaaaaaaa"
+ },
+ "transaction": {
+ "duration": {
+ "us": 13980
+ },
+ "id": "85925e55b43f4340",
+ "name": "GET /api/types",
+ "result": "failure",
+ "sampled": true,
+ "span_count": {
+ "started": 0
+ },
+ "type": "request"
+ },
+ "user": {
+ "email": "foo@bar.com",
+ "id": "123user",
+ "name": "foo"
+ }
+}
+```
+
+```json
+{
+ "@timestamp": "2017-05-30T18:53:27.154Z",
+ "agent": {
+ "name": "elastic-node",
+ "version": "3.14.0"
+ },
+ "ecs": {
+ "version": "1.6.0"
+ },
+ "event": {
+ "outcome": "unknown"
+ },
+ "labels": {
+ "span_tag": "something"
+ },
+ "observer": {
+ "ephemeral_id": "c0cea3b6-97d7-4e15-9e35-c868e7a3c869",
+ "hostname": "ix.lan",
+ "id": "a49b4a08-689a-4724-8050-8bd0ae043281",
+ "type": "apm-server",
+ "version": "8.0.0",
+ "version_major": 8
+ },
+ "parent": {
+ "id": "945254c567a5417e"
+ },
+ "processor": {
+ "event": "span",
+ "name": "transaction"
+ },
+ "service": {
+ "environment": "staging",
+ "name": "1234_service-12a3"
+ },
+ "span": {
+ "action": "query",
+ "db": {
+ "instance": "customers",
+ "statement": "SELECT * FROM product_types WHERE user_id=?",
+ "type": "sql",
+ "user": {
+ "name": "readonly_user"
+ }
+ },
+ "duration": {
+ "us": 3781
+ },
+ "http": {
+ "method": "GET",
+ "response": {
+ "status_code": 200
+ },
+ "url": {
+ "original": "http://localhost:8000"
+ }
+ },
+ "id": "0aaaaaaaaaaaaaaa",
+ "name": "SELECT FROM product_types",
+ "stacktrace": [
+ {
+ "abs_path": "net.js",
+ "context": {
+ "post": [
+ " ins.currentTransaction = prev",
+ " return result",
+ "}"
+ ],
+ "pre": [
+ " var trans = this.currentTransaction",
+ ""
+ ]
+ },
+ "exclude_from_grouping": false,
+ "filename": "net.js",
+ "function": "onread",
+ "library_frame": true,
+ "line": {
+ "column": 4,
+ "context": "line3",
+ "number": 547
+ },
+ "module": "some module",
+ "vars": {
+ "key": "value"
+ }
+ },
+ {
+ "exclude_from_grouping": false,
+ "filename": "my2file.js",
+ "line": {
+ "number": 10
+ }
+ }
+ ],
+ "start": {
+ "us": 2830
+ },
+ "subtype": "postgresql",
+ "sync": false,
+ "type": "db"
+ },
+ "timestamp": {
+ "us": 1496170407154000
+ },
+ "trace": {
+ "id": "945254c567a5417eaaaaaaaaaaaaaaaa"
+ },
+ "transaction": {
+ "id": "945254c567a5417e"
+ }
+}
+```
+
+
+### Metrics
+
+Metrics include application-based metrics and some basic system metrics.
+Metrics are written to `metrics-apm.*`, `metrics-apm.internal.*` and `metrics-apm.profiling.*` indices.
+
+**Exported Fields**
+
+| Field | Description | Type | ECS |
+|---|---|---|:---:|
+|@timestamp|Event timestamp.|date| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|data_stream.type|Data stream type.|constant_keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|data_stream.dataset|Data stream dataset.|constant_keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|data_stream.namespace|Data stream namespace.|constant_keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|agent.ephemeral_id|The Ephemeral ID identifies a running process.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|agent.name|Name of the agent used.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|agent.version|Version of the agent used.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|client.ip|IP address of the client of a recorded event. This is typically obtained from a request's X-Forwarded-For or the X-Real-IP header or falls back to a given configuration for remote address.|ip| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|cloud.account.id|Cloud account ID|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|cloud.account.name|Cloud account name|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|cloud.availability_zone|Cloud availability zone name|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|cloud.instance.id|Cloud instance/machine ID|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|cloud.instance.name|Cloud instance/machine name|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|cloud.machine.type|Cloud instance/machine type|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|cloud.project.id|Cloud project ID|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|cloud.project.name|Cloud project name|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|cloud.provider|Cloud provider name|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|cloud.region|Cloud region name|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|container.id|Unique container id.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|destination.address|Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|destination.ip|IP addess of the destination. Can be one of multiple IPv4 or IPv6 addresses.|ip| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|destination.port|Port of the destination.|long| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|experimental|Additional experimental data sent by the agents.|object| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|host.architecture|The architecture of the host the event was recorded on.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|host.hostname|The hostname of the host the event was recorded on.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|host.ip|IP of the host that records the event.|ip| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|host.name|Name of the host the event was recorded on. It can contain same information as host.hostname or a name specified by the user.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|host.os.platform|The platform of the host the event was recorded on.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|kubernetes.namespace|Kubernetes namespace|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|kubernetes.node.name|Kubernetes node name|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|kubernetes.pod.name|Kubernetes pod name|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|kubernetes.pod.uid|Kubernetes Pod UID|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|labels|A flat mapping of user-defined labels with string, boolean or number values.|object| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|metricset.period||long| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|observer.hostname|Hostname of the APM Server.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|observer.listening|Address the server is listening on.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|observer.type|The type will be set to `apm-server`.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|observer.version|APM Server version.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|observer.version_major|Major version number of the observer|byte| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|process.args|Process arguments. May be filtered to protect sensitive information.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|process.pid|Numeric process ID of the service process.|long| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|process.ppid|Numeric ID of the service's parent process.|long| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|process.title|Service process title.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|processor.event|Processor event.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|processor.name|Processor name.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|service.environment|Service environment.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|service.framework.name|Name of the framework used.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|service.framework.version|Version of the framework used.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|service.language.name|Name of the programming language used.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|service.language.version|Version of the programming language used.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|service.name|Immutable name of the service emitting this event.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|service.node.name|Unique meaningful name of the service node.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|service.runtime.name|Name of the runtime used.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|service.runtime.version|Version of the runtime used.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|service.version|Version of the service emitting this event.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|source.ip|IP address of the source of a recorded event. This is typically obtained from a request's X-Forwarded-For or the X-Real-IP header or falls back to a given configuration for remote address.|ip| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|system.cpu.total.norm.pct|The percentage of CPU time spent by the process since the last event. This value is normalized by the number of CPU cores and it ranges from 0 to 100%.|scaled_float| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|system.memory.actual.free|Actual free memory in bytes. It is calculated based on the OS. On Linux it consists of the free memory plus caches and buffers. On OSX it is a sum of free memory and the inactive memory. On Windows, it is equal to `system.memory.free`.|long| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|system.memory.total|Total memory.|long| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|system.process.cgroup.memory.mem.limit.bytes|Memory limit for the current cgroup slice.|long| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|system.process.cgroup.memory.mem.usage.bytes|Memory usage by the current cgroup slice.|long| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|system.process.cpu.total.norm.pct|The percentage of CPU time spent by the process since the last event. This value is normalized by the number of CPU cores and it ranges from 0 to 100%.|scaled_float| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|system.process.memory.rss.bytes|The Resident Set Size. The amount of memory the process occupied in main memory (RAM).|long| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|system.process.memory.size|The total virtual memory the process has.|long| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|timestamp.us|Timestamp of the event in microseconds since Unix epoch.|long| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|user.email|Email of the logged in user.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|user.id|Identifier of the logged in user.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|user.name|The username of the logged in user.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|user_agent.device.name|Name of the device.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|user_agent.name|Name of the user agent.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|user_agent.original|Unparsed version of the user_agent.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|user_agent.os.family|OS family (such as redhat, debian, freebsd, windows).|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|user_agent.os.full|Operating system name, including the version or code name.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|user_agent.os.kernel|Operating system kernel version as a raw string.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|user_agent.os.name|Operating system name, without the version.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|user_agent.os.platform|Operating system platform (such centos, ubuntu, windows).|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|user_agent.os.version|Operating system version as a raw string.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|user_agent.version|Version of the user agent.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+
+
+#### Example
+
+```json
+{
+ "@timestamp": "2017-05-30T18:53:41.364Z",
+ "agent": {
+ "name": "elastic-node",
+ "version": "3.14.0"
+ },
+ "ecs": {
+ "version": "1.6.0"
+ },
+ "event": {
+ "ingested": "2020-04-22T14:55:05.425020Z"
+ },
+ "go": {
+ "memstats": {
+ "heap": {
+ "sys": {
+ "bytes": 6520832
+ }
+ }
+ }
+ },
+ "host": {
+ "ip": "127.0.0.1"
+ },
+ "labels": {
+ "tag1": "one",
+ "tag2": 2
+ },
+ "observer": {
+ "ephemeral_id": "8785cbe1-7f89-4279-84c2-6c33979531fb",
+ "hostname": "ix.lan",
+ "id": "b0cfe4b7-76c9-4159-95ff-e558db368cbe",
+ "type": "apm-server",
+ "version": "8.0.0",
+ "version_major": 8
+ },
+ "process": {
+ "pid": 1234
+ },
+ "processor": {
+ "event": "metric",
+ "name": "metric"
+ },
+ "service": {
+ "language": {
+ "name": "ecmascript"
+ },
+ "name": "1234_service-12a3",
+ "node": {
+ "name": "node-1"
+ }
+ },
+ "user": {
+ "email": "user@mail.com",
+ "id": "axb123hg",
+ "name": "logged-in-user"
+ }
+}
+```
+
+### Logs
+
+Logs are application log and error events.
+Logs are written to `logs-apm.*` and `logs-apm.error.*` indices.
+
+**Exported Fields**
+
+| Field | Description | Type | ECS |
+|---|---|---|:---:|
+|@timestamp|Event timestamp.|date| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|data_stream.type|Data stream type.|constant_keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|data_stream.dataset|Data stream dataset.|constant_keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|data_stream.namespace|Data stream namespace.|constant_keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|agent.ephemeral_id|The Ephemeral ID identifies a running process.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|agent.name|Name of the agent used.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|agent.version|Version of the agent used.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|client.ip|IP address of the client of a recorded event. This is typically obtained from a request's X-Forwarded-For or the X-Real-IP header or falls back to a given configuration for remote address.|ip| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|cloud.account.id|Cloud account ID|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|cloud.account.name|Cloud account name|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|cloud.availability_zone|Cloud availability zone name|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|cloud.instance.id|Cloud instance/machine ID|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|cloud.instance.name|Cloud instance/machine name|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|cloud.machine.type|Cloud instance/machine type|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|cloud.project.id|Cloud project ID|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|cloud.project.name|Cloud project name|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|cloud.provider|Cloud provider name|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|cloud.region|Cloud region name|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|container.id|Unique container id.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|destination.address|Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|destination.ip|IP addess of the destination. Can be one of multiple IPv4 or IPv6 addresses.|ip| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|destination.port|Port of the destination.|long| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|error.culprit|Function call which was the primary perpetrator of this event.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|error.exception.code|The error code set when the error happened, e.g. database error code.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|error.exception.handled|Indicator whether the error was caught somewhere in the code or not.|boolean| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|error.exception.message|The original error message.|text| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|error.exception.module|The module namespace of the original error.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|error.exception.type||keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|error.grouping_key|GroupingKey of the logged error for use in grouping.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|error.id|The ID of the error.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|error.log.level|The severity of the record.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|error.log.logger_name|The name of the logger instance used.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|error.log.message|The additionally logged error message.|text| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|error.log.param_message|A parametrized message. E.g. 'Could not connect to %s'. The property message is still required, and should be equal to the param_message, but with placeholders replaced. In some situations the param_message is used to group errors together.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|experimental|Additional experimental data sent by the agents.|object| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|host.architecture|The architecture of the host the event was recorded on.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|host.hostname|The hostname of the host the event was recorded on.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|host.ip|IP of the host that records the event.|ip| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|host.name|Name of the host the event was recorded on. It can contain same information as host.hostname or a name specified by the user.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|host.os.platform|The platform of the host the event was recorded on.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|http.request.headers|The canonical headers of the monitored HTTP request.|object| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|http.request.method|The http method of the request leading to this event.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|http.request.referrer|Referrer for this HTTP request.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|http.response.finished|Used by the Node agent to indicate when in the response life cycle an error has occurred.|boolean| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|http.response.headers|The canonical headers of the monitored HTTP response.|object| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|http.response.status_code|The status code of the HTTP response.|long| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|http.version|The http version of the request leading to this event.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|kubernetes.namespace|Kubernetes namespace|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|kubernetes.node.name|Kubernetes node name|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|kubernetes.pod.name|Kubernetes pod name|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|kubernetes.pod.uid|Kubernetes Pod UID|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|labels|A flat mapping of user-defined labels with string, boolean or number values.|object| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|observer.hostname|Hostname of the APM Server.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|observer.listening|Address the server is listening on.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|observer.type|The type will be set to `apm-server`.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|observer.version|APM Server version.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|observer.version_major|Major version number of the observer|byte| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|parent.id|The ID of the parent event.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|process.args|Process arguments. May be filtered to protect sensitive information.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|process.pid|Numeric process ID of the service process.|long| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|process.ppid|Numeric ID of the service's parent process.|long| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|process.title|Service process title.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|processor.event|Processor event.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|processor.name|Processor name.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|service.environment|Service environment.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|service.framework.name|Name of the framework used.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|service.framework.version|Version of the framework used.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|service.language.name|Name of the programming language used.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|service.language.version|Version of the programming language used.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|service.name|Immutable name of the service emitting this event.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|service.node.name|Unique meaningful name of the service node.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|service.runtime.name|Name of the runtime used.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|service.runtime.version|Version of the runtime used.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|service.version|Version of the service emitting this event.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|source.ip|IP address of the source of a recorded event. This is typically obtained from a request's X-Forwarded-For or the X-Real-IP header or falls back to a given configuration for remote address.|ip| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|timestamp.us|Timestamp of the event in microseconds since Unix epoch.|long| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|trace.id|The ID of the trace to which the event belongs to.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|transaction.breakdown.count||long| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|transaction.duration.count||long| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|transaction.duration.sum.us||long| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|transaction.id|The transaction ID.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|transaction.name|Generic designation of a transaction in the scope of a single service (eg. 'GET /users/:id').|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|transaction.sampled|Transactions that are 'sampled' will include all available information. Transactions that are not sampled will not have spans or context.|boolean| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|transaction.self_time.count||long| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|transaction.self_time.sum.us||long| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|transaction.type|Keyword of specific relevance in the service's domain (eg. 'request', 'backgroundjob', etc)|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-no.png) |
+|url.domain|The hostname of the request, e.g. "example.com".|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|url.fragment|A fragment specifying a location in a web page , e.g. "top".|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|url.full|The full, possibly agent-assembled URL of the request, e.g https://example.com:443/search?q=elasticsearch#top.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|url.path|The path of the request, e.g. "/search".|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|url.port|The port of the request, e.g. 443.|long| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|url.query|The query string of the request, e.g. "q=elasticsearch".|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|url.scheme|The protocol of the request, e.g. "https:".|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|user.email|Email of the logged in user.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|user.id|Identifier of the logged in user.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|user.name|The username of the logged in user.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|user_agent.device.name|Name of the device.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|user_agent.name|Name of the user agent.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|user_agent.original|Unparsed version of the user_agent.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|user_agent.os.family|OS family (such as redhat, debian, freebsd, windows).|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|user_agent.os.full|Operating system name, including the version or code name.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) |
+|user_agent.os.kernel|Operating system kernel version as a raw string.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|user_agent.os.name|Operating system name, without the version.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|user_agent.os.platform|Operating system platform (such centos, ubuntu, windows).|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|user_agent.os.version|Operating system version as a raw string.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | +|user_agent.version|Version of the user agent.|keyword| ![](https://doc-icons.s3.us-east-2.amazonaws.com/icon-yes.png) | + + +#### Example + +```json +{ + "@timestamp": "2017-05-09T15:04:05.999Z", + "agent": { + "name": "elastic-node", + "version": "3.14.0" + }, + "container": { + "id": "container-id" + }, + "ecs": { + "version": "1.6.0" + }, + "error": { + "grouping_key": "d6b3f958dfea98dc9ed2b57d5f0c48bb", + "id": "0f0e9d67c1854d21a6f44673ed561ec8", + "log": { + "level": "custom log level", + "message": "Cannot read property 'baz' of undefined" + } + }, + "event": { + "ingested": "2020-04-22T14:52:08.436124Z" + }, + "host": { + "architecture": "x64", + "ip": "127.0.0.1", + "os": { + "platform": "darwin" + } + }, + "kubernetes": { + "namespace": "namespace1", + "pod": { + "name": "pod-name", + "uid": "pod-uid" + } + }, + "labels": { + "tag1": "one", + "tag2": 2 + }, + "observer": { + "ephemeral_id": "f1838cde-80dd-4af5-b7ac-ffc2d3fccc9d", + "hostname": "ix.lan", + "id": "5d4dc8fe-cb14-47ee-b720-d6bf49f87ef0", + "type": "apm-server", + "version": "8.0.0", + "version_major": 8 + }, + "process": { + "args": [ + "node", + "server.js" + ], + "pid": 1234, + "ppid": 7788, + "title": "node" + }, + "processor": { + "event": "error", + "name": "error" + }, + "service": { + "environment": "staging", + "framework": { + "name": "Express", + "version": "1.2.3" + }, + "language": { + "name": "ecmascript", + 
"version": "8"
+ },
+ "name": "1234_service-12a3",
+ "node": {
+ "name": "myservice-node"
+ },
+ "runtime": {
+ "name": "node",
+ "version": "8.0.0"
+ },
+ "version": "5.1.3"
+ },
+ "timestamp": {
+ "us": 1494342245999000
+ }
+}
+```
diff --git a/packages/apm/0.1.0-dev.1/manifest.yml b/packages/apm/0.1.0-dev.1/manifest.yml
new file mode 100644
index 0000000000..31e785ce39
--- /dev/null
+++ b/packages/apm/0.1.0-dev.1/manifest.yml
@@ -0,0 +1,30 @@
+format_version: 1.0.0
+name: apm
+title: Elastic APM
+version: 0.1.0-dev.1
+license: basic
+description: Ingest APM data
+type: integration
+categories:
+ - monitoring
+release: experimental # experimental / beta / ga
+conditions:
+ kibana.version: '^7.11.0'
+policy_templates:
+- name: apmserver
+ title: Elastic APM Integration
+ description: Elastic APM Integration
+ inputs:
+ - type: apm
+ title: Collect application traces
+ description: Collect application traces
+ vars:
+ - name: enable_rum
+ type: bool
+ title: Enable RUM
+ required: true
+ show_user: true
+ default: false
+ template_path: template.yml.hbs
+owner:
+ github: elastic/apm-server
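Review bot: The `enable_rum` entry under `vars` has only the title `Enable RUM`, so an operator flipping it in the policy UI is not told that it drives `rum.enabled` in the agent input template and thereby opens an intake meant for browser clients. Browser agents cannot hold a secret, so that intake is normally reachable without a token; I would add a line such as `description: Accept events from browser (RUM) agents; this intake is not protected by a secret token, leave it off unless needed` to the variable. `default: false` is the right default and should stay. It is also the only variable this policy template exposes: nothing visible here lets a policy set a secret token, allowed origins or rate limits for the server, though those may be configured outside this hunk.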