ECS comes with a list of the following fields for the `log` signal.
We can consider adding some or all of them to the Otel `log`'s schema.
ECS fields
| ECS Field | ECS Description | ECS Level | Otel |
| --- | --- | --- | --- |
| log.file.path | Full path to the log file this event came from, including the file name. It should include the drive letter, when appropriate. If the event wasn’t read from a log file, do not populate this field. type: keyword; example: /var/log/fun-times.log | extended | log.file.path |
| log.level | Original log level of the log event. If the source of the event provides a log level or textual severity, this is the one that goes in log.level. If your source doesn’t specify one, you may put your event transport’s severity here (e.g. Syslog severity). Some examples are warn, err, i, informational. type: keyword; example: error | | |
| | The name of the logger inside an application. This is usually the name of the class which initialized the logger, or can be a custom name. type: keyword; example: org.elasticsearch.bootstrap.Bootstrap | core | |
| log.origin.file.line | The line number of the file containing the source code which originated the log event. type: long; example: 42 | | |
| | The name of the file containing the source code which originated the log event. Note that this field is not meant to capture the log file. The correct field to capture the log file is log.file.path. type: keyword; example: Bootstrap.java | | |
| | The Syslog numeric facility of the log event, if available. According to RFCs 5424 and 3164, this value should be an integer between 0 and 23. type: long; example: 23 | | |
| | The hostname, FQDN, or IP of the machine that originally sent the Syslog message. This is sourced from the hostname field of the syslog header. Depending on the environment, this value may be different from the host that handled the event, especially if the host handling the events is acting as a collector. type: keyword; example: example-host | | |
| | Syslog numeric priority of the event, if available. According to RFCs 5424 and 3164, the priority is 8 * facility + severity. This number is therefore expected to contain a value between 0 and 191. type: long; example: 135 | extended | |
| log.syslog.procid | The process name or ID that originated the Syslog message, if available. type: keyword; example: 12345 | extended | |
| log.syslog.severity.code | The Syslog numeric severity of the log event, if available. If the event source publishing via Syslog provides a different numeric severity value (e.g. firewall, IDS), your source’s numeric severity should go to event.severity. If the event source does not specify a distinct severity, you can optionally copy the Syslog severity to event.severity. type: long; example: 3 | | |
| | The Syslog numeric severity of the log event, if available. If the event source publishing via Syslog provides a different severity value (e.g. firewall, IDS), your source’s text severity should go to log.level. If the event source does not specify a distinct severity, you can optionally copy the Syslog severity to log.level. type: keyword; example: Error | | |
| | Structured data expressed in RFC 5424 messages, if available. These are key-value pairs formed from the structured data portion of the syslog message, as defined in RFC 5424 Section 6.3. type: flattened | | |
@ChrsMark In OTel, log.level is modeled as the protobuf fields (severity_number and severity_text) for the logs signal. So, not a semantic conventions attribute.
cc: @AlexanderWert @kaiyan-sheng @mlunadia