
@brokensound77
Last active April 19, 2023 23:29
Elastic Schemas for detection rules

Elastic schemas

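The full schemas for Elastic Endpoint on Windows, macOS, and Linux. Each schema is a separate JSON document whose top-level keys group fields by event type and map each field name to its Elasticsearch field type; the documents appear back to back below, so they must be parsed individually rather than as one JSON text. Judging by the fields they contain, the order below appears to be Linux, macOS, then Windows.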

Also included are schemas for all integrations used by Elastic detection rules, all of which are streamed via the Elastic Agent.

These are all already open-sourced within the detection-rules repo, where they are used for unit test validation (endpoint schemas will be there soon). We even have schemas for the Beats modules (similar to integrations, but on Beats).

The following integrations are included in the consolidated integrations schema:

  • o365
  • kubernetes
  • endpoint
  • aws
  • apm
  • cyberarkpas
  • okta
  • system
  • windows
  • gcp
  • google_workspace
  • cloud_defend
  • azure

All of these schemas and more (rule schemas, etc.) can be found within the detection-rules repo.

{
"authentication": {
"at_timestamp": "date",
"event.action": "keyword",
"event.category": "keyword",
"event.created": "keyword",
"event.id": "keyword",
"event.kind": "keyword",
"event.outcome": "keyword",
"event.type": "keyword",
"group.Ext.real.id": "long",
"group.Ext.real.name": "keyword",
"group.id": "long",
"group.name": "keyword",
"group.saved.id": "long",
"host.os.name": "keyword",
"host.os.type": "keyword",
"message": "keyword",
"process.Ext.ancestry": "keyword",
"process.entity_id": "keyword",
"process.entry_leader.entity_id": "keyword",
"process.entry_leader.parent.entity_id": "keyword",
"process.executable": "keyword",
"process.group_leader.entity_id": "keyword",
"process.name": "keyword",
"process.parent.entity_id": "keyword",
"process.parent.group_leader.entity_id": "keyword",
"process.pid": "long",
"process.session_leader.entity_id": "keyword",
"source.address": "keyword",
"user.Ext.real.id": "long",
"user.Ext.real.name": "keyword",
"user.id": "long",
"user.name": "keyword",
"user.saved.id": "long",
"user.target.id": "long",
"user.target.name": "keyword"
},
"file": {
"at_timestamp": "date",
"event.action": "keyword",
"event.category": "keyword",
"event.created": "keyword",
"event.id": "keyword",
"event.kind": "keyword",
"event.outcome": "keyword",
"event.type": "keyword",
"file.Ext.original.path": "keyword",
"file.extension": "keyword",
"file.hash.md5": "keyword",
"file.hash.sha1": "keyword",
"file.hash.sha256": "keyword",
"file.inode": "long",
"file.name": "keyword",
"file.path": "keyword",
"group.Ext.real.id": "long",
"group.Ext.real.name": "keyword",
"group.id": "long",
"group.name": "keyword",
"group.saved.id": "long",
"host.os.name": "keyword",
"host.os.type": "keyword",
"message": "keyword",
"process.Ext.ancestry": "keyword",
"process.entity_id": "keyword",
"process.entry_leader.entity_id": "keyword",
"process.entry_leader.parent.entity_id": "keyword",
"process.executable": "keyword",
"process.group_leader.entity_id": "keyword",
"process.name": "keyword",
"process.parent.entity_id": "keyword",
"process.parent.group_leader.entity_id": "keyword",
"process.parent.pid": "long",
"process.pid": "long",
"process.session_leader.entity_id": "keyword",
"user.Ext.real.id": "long",
"user.Ext.real.name": "keyword",
"user.id": "long",
"user.name": "keyword",
"user.saved.id": "long"
},
"network": {
"at_timestamp": "date",
"destination.address": "keyword",
"destination.bytes": "integer",
"destination.ip": "keyword",
"destination.port": "long",
"event.action": "keyword",
"event.category": "keyword",
"event.created": "keyword",
"event.id": "keyword",
"event.kind": "keyword",
"event.outcome": "keyword",
"event.type": "keyword",
"group.Ext.real.id": "long",
"group.Ext.real.name": "keyword",
"group.id": "long",
"group.name": "keyword",
"group.saved.id": "long",
"host.os.name": "keyword",
"host.os.type": "keyword",
"message": "keyword",
"network.direction": "keyword",
"network.protocol": "keyword",
"network.transport": "keyword",
"network.type": "keyword",
"process.Ext.ancestry": "keyword",
"process.entity_id": "keyword",
"process.entry_leader.entity_id": "keyword",
"process.entry_leader.parent.entity_id": "keyword",
"process.executable": "keyword",
"process.group_leader.entity_id": "keyword",
"process.name": "keyword",
"process.parent.entity_id": "keyword",
"process.parent.group_leader.entity_id": "keyword",
"process.pid": "long",
"process.session_leader.entity_id": "keyword",
"source.address": "keyword",
"source.bytes": "integer",
"source.ip": "keyword",
"source.port": "long",
"user.Ext.real.id": "long",
"user.Ext.real.name": "keyword",
"user.id": "long",
"user.name": "keyword",
"user.saved.id": "long"
},
"process": {
"Target.process.entity_id": "keyword",
"Target.process.executable": "keyword",
"Target.process.name": "keyword",
"Target.process.pid": "long",
"at_timestamp": "date",
"cloud.account.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.hash.all": "keyword",
"container.image.name": "keyword",
"container.image.tag": "keyword",
"container.name": "keyword",
"event.action": "keyword",
"event.category": "keyword",
"event.created": "keyword",
"event.id": "keyword",
"event.kind": "keyword",
"event.outcome": "keyword",
"event.type": "keyword",
"group.Ext.real.id": "long",
"group.Ext.real.name": "keyword",
"group.id": "long",
"group.name": "keyword",
"group.saved.id": "long",
"host.ip": "keyword",
"host.os.name": "keyword",
"host.os.type": "keyword",
"message": "keyword",
"orchestrator.cluster.id": "keyword",
"orchestrator.cluster.name": "keyword",
"orchestrator.namespace": "keyword",
"orchestrator.resource.ip": "keyword",
"orchestrator.resource.name": "keyword",
"orchestrator.resource.parent.type": "keyword",
"orchestrator.resource.type": "keyword",
"process.Ext.ancestry": "keyword",
"process.Ext.trusted": "boolean",
"process.Ext.trusted_descendant": "boolean",
"process.args": "keyword",
"process.args_count": "long",
"process.attested_groups": "nested",
"process.attested_user.id": "keyword",
"process.attested_user.name": "keyword",
"process.command_line": "keyword",
"process.end": "keyword",
"process.entity_id": "keyword",
"process.entry_leader.args": "keyword",
"process.entry_leader.args_count": "long",
"process.entry_leader.attested_groups": "nested",
"process.entry_leader.attested_user.id": "keyword",
"process.entry_leader.attested_user.name": "keyword",
"process.entry_leader.entity_id": "keyword",
"process.entry_leader.entry_meta.source.ip": "keyword",
"process.entry_leader.entry_meta.type": "keyword",
"process.entry_leader.executable": "keyword",
"process.entry_leader.group.id": "long",
"process.entry_leader.group.name": "keyword",
"process.entry_leader.interactive": "boolean",
"process.entry_leader.name": "keyword",
"process.entry_leader.parent.entity_id": "keyword",
"process.entry_leader.parent.pid": "long",
"process.entry_leader.parent.start": "keyword",
"process.entry_leader.pid": "long",
"process.entry_leader.real_group.id": "long",
"process.entry_leader.real_group.name": "keyword",
"process.entry_leader.real_user.id": "long",
"process.entry_leader.real_user.name": "keyword",
"process.entry_leader.same_as_process": "boolean",
"process.entry_leader.saved_group.id": "long",
"process.entry_leader.saved_group.name": "keyword",
"process.entry_leader.saved_user.id": "long",
"process.entry_leader.saved_user.name": "keyword",
"process.entry_leader.start": "keyword",
"process.entry_leader.supplemental_groups": "nested",
"process.entry_leader.tty.char_device.major": "long",
"process.entry_leader.tty.char_device.minor": "long",
"process.entry_leader.user.id": "long",
"process.entry_leader.user.name": "keyword",
"process.entry_leader.working_directory": "keyword",
"process.env_vars": "keyword",
"process.executable": "keyword",
"process.exit_code": "long",
"process.group.id": "long",
"process.group.name": "keyword",
"process.group_leader.args": "keyword",
"process.group_leader.args_count": "long",
"process.group_leader.entity_id": "keyword",
"process.group_leader.executable": "keyword",
"process.group_leader.group.id": "long",
"process.group_leader.group.name": "keyword",
"process.group_leader.interactive": "boolean",
"process.group_leader.name": "keyword",
"process.group_leader.pid": "long",
"process.group_leader.real_group.id": "long",
"process.group_leader.real_group.name": "keyword",
"process.group_leader.real_user.id": "long",
"process.group_leader.real_user.name": "keyword",
"process.group_leader.same_as_process": "boolean",
"process.group_leader.saved_group.id": "long",
"process.group_leader.saved_group.name": "keyword",
"process.group_leader.saved_user.id": "long",
"process.group_leader.saved_user.name": "keyword",
"process.group_leader.start": "keyword",
"process.group_leader.supplemental_groups": "nested",
"process.group_leader.tty.char_device.major": "long",
"process.group_leader.tty.char_device.minor": "long",
"process.group_leader.user.id": "long",
"process.group_leader.user.name": "keyword",
"process.group_leader.working_directory": "keyword",
"process.hash.md5": "keyword",
"process.hash.sha1": "keyword",
"process.hash.sha256": "keyword",
"process.interactive": "boolean",
"process.io.bytes_skipped": "nested",
"process.io.max_bytes_per_process_exceeded": "boolean",
"process.io.text": "keyword",
"process.io.total_bytes_captured": "long",
"process.io.total_bytes_skipped": "long",
"process.io.type": "keyword",
"process.name": "keyword",
"process.parent.args": "keyword",
"process.parent.args_count": "long",
"process.parent.command_line": "keyword",
"process.parent.entity_id": "keyword",
"process.parent.executable": "keyword",
"process.parent.group.id": "long",
"process.parent.group.name": "keyword",
"process.parent.group_leader.entity_id": "keyword",
"process.parent.group_leader.pid": "long",
"process.parent.group_leader.start": "keyword",
"process.parent.interactive": "boolean",
"process.parent.name": "keyword",
"process.parent.pid": "long",
"process.parent.real_group.id": "long",
"process.parent.real_group.name": "keyword",
"process.parent.real_user.id": "long",
"process.parent.real_user.name": "keyword",
"process.parent.saved_group.id": "long",
"process.parent.saved_group.name": "keyword",
"process.parent.saved_user.id": "long",
"process.parent.saved_user.name": "keyword",
"process.parent.start": "keyword",
"process.parent.supplemental_groups": "nested",
"process.parent.tty.char_device.major": "long",
"process.parent.tty.char_device.minor": "long",
"process.parent.user.id": "long",
"process.parent.user.name": "keyword",
"process.parent.working_directory": "keyword",
"process.pid": "long",
"process.previous": "nested",
"process.real_group.id": "long",
"process.real_group.name": "keyword",
"process.real_user.id": "long",
"process.real_user.name": "keyword",
"process.saved_group.id": "long",
"process.saved_group.name": "keyword",
"process.saved_user.id": "long",
"process.saved_user.name": "keyword",
"process.session_leader.args": "keyword",
"process.session_leader.args_count": "long",
"process.session_leader.entity_id": "keyword",
"process.session_leader.executable": "keyword",
"process.session_leader.group.id": "long",
"process.session_leader.group.name": "keyword",
"process.session_leader.interactive": "boolean",
"process.session_leader.name": "keyword",
"process.session_leader.pid": "long",
"process.session_leader.real_group.id": "long",
"process.session_leader.real_group.name": "keyword",
"process.session_leader.real_user.id": "long",
"process.session_leader.real_user.name": "keyword",
"process.session_leader.same_as_process": "boolean",
"process.session_leader.saved_group.id": "long",
"process.session_leader.saved_group.name": "keyword",
"process.session_leader.saved_user.id": "long",
"process.session_leader.saved_user.name": "keyword",
"process.session_leader.start": "keyword",
"process.session_leader.supplemental_groups": "nested",
"process.session_leader.tty.char_device.major": "long",
"process.session_leader.tty.char_device.minor": "long",
"process.session_leader.user.id": "long",
"process.session_leader.user.name": "keyword",
"process.session_leader.working_directory": "keyword",
"process.start": "keyword",
"process.supplemental_groups": "nested",
"process.tty.char_device.major": "long",
"process.tty.char_device.minor": "long",
"process.tty.columns": "long",
"process.tty.rows": "long",
"process.user.id": "long",
"process.user.name": "keyword",
"process.working_directory": "keyword",
"user.Ext.real.id": "long",
"user.Ext.real.name": "keyword",
"user.id": "long",
"user.name": "keyword",
"user.saved.id": "long"
},
"session": {
"at_timestamp": "date",
"event.action": "keyword",
"event.category": "keyword",
"event.created": "keyword",
"event.id": "keyword",
"event.kind": "keyword",
"event.outcome": "keyword",
"event.type": "keyword",
"group.Ext.real.id": "long",
"group.Ext.real.name": "keyword",
"group.id": "long",
"group.name": "keyword",
"group.saved.id": "long",
"host.os.name": "keyword",
"host.os.type": "keyword",
"message": "keyword",
"process.Ext.ancestry": "keyword",
"process.entity_id": "keyword",
"process.entry_leader.entity_id": "keyword",
"process.entry_leader.parent.entity_id": "keyword",
"process.executable": "keyword",
"process.group_leader.entity_id": "keyword",
"process.name": "keyword",
"process.parent.entity_id": "keyword",
"process.parent.group_leader.entity_id": "keyword",
"process.pid": "long",
"process.session_leader.entity_id": "keyword",
"source.address": "keyword",
"user.Ext.real.id": "long",
"user.Ext.real.name": "keyword",
"user.id": "long",
"user.name": "keyword",
"user.saved.id": "long",
"user.target.id": "long",
"user.target.name": "keyword"
}
}
{
"authentication": {
"at_timestamp": "date",
"event.action": "keyword",
"event.category": "keyword",
"event.created": "keyword",
"event.id": "keyword",
"event.kind": "keyword",
"event.outcome": "keyword",
"event.type": "keyword",
"group.Ext.real.id": "long",
"group.Ext.real.name": "keyword",
"group.id": "long",
"group.name": "keyword",
"group.saved.id": "long",
"host.os.name": "keyword",
"host.os.type": "keyword",
"message": "keyword",
"process.Ext.ancestry": "keyword",
"process.code_signature.exists": "boolean",
"process.code_signature.signing_id": "keyword",
"process.code_signature.status": "keyword",
"process.code_signature.subject_name": "keyword",
"process.code_signature.team_id": "keyword",
"process.code_signature.trusted": "boolean",
"process.entity_id": "keyword",
"process.executable": "keyword",
"process.name": "keyword",
"process.parent.entity_id": "keyword",
"process.pid": "long",
"source.address": "keyword",
"user.Ext.real.id": "long",
"user.Ext.real.name": "keyword",
"user.id": "long",
"user.name": "keyword",
"user.saved.id": "long",
"user.target.id": "long",
"user.target.name": "keyword"
},
"file": {
"at_timestamp": "date",
"event.action": "keyword",
"event.category": "keyword",
"event.created": "keyword",
"event.id": "keyword",
"event.kind": "keyword",
"event.outcome": "keyword",
"event.type": "keyword",
"file.Ext.original.path": "keyword",
"file.attributes": "keyword",
"file.extension": "keyword",
"file.hash.md5": "keyword",
"file.hash.sha1": "keyword",
"file.hash.sha256": "keyword",
"file.inode": "long",
"file.name": "keyword",
"file.path": "keyword",
"file.size": "integer",
"group.Ext.real.id": "long",
"group.Ext.real.name": "keyword",
"group.id": "long",
"group.name": "keyword",
"group.saved.id": "long",
"host.os.name": "keyword",
"host.os.type": "keyword",
"message": "keyword",
"process.Ext.ancestry": "keyword",
"process.code_signature.exists": "boolean",
"process.code_signature.signing_id": "keyword",
"process.code_signature.status": "keyword",
"process.code_signature.subject_name": "keyword",
"process.code_signature.team_id": "keyword",
"process.code_signature.trusted": "boolean",
"process.entity_id": "keyword",
"process.executable": "keyword",
"process.name": "keyword",
"process.parent.entity_id": "keyword",
"process.parent.pid": "long",
"process.pid": "long",
"user.Ext.real.id": "long",
"user.Ext.real.name": "keyword",
"user.id": "long",
"user.name": "keyword",
"user.saved.id": "long"
},
"library": {
"at_timestamp": "date",
"dll.Ext.code_signature": "nested",
"dll.Ext.defense_evasions": "keyword",
"dll.Ext.device.bus_type": "keyword",
"dll.Ext.device.dos_name": "keyword",
"dll.Ext.device.file_system_type": "keyword",
"dll.Ext.device.nt_name": "keyword",
"dll.Ext.device.product_id": "keyword",
"dll.Ext.device.serial_number": "keyword",
"dll.Ext.device.vendor_id": "keyword",
"dll.Ext.device.volume_device_type": "keyword",
"dll.Ext.load_index": "long",
"dll.Ext.relative_file_creation_time": "float",
"dll.Ext.relative_file_name_modify_time": "float",
"dll.Ext.size": "long",
"dll.code_signature.exists": "boolean",
"dll.code_signature.status": "keyword",
"dll.code_signature.subject_name": "keyword",
"dll.code_signature.trusted": "boolean",
"dll.hash.md5": "keyword",
"dll.hash.sha1": "keyword",
"dll.hash.sha256": "keyword",
"dll.name": "keyword",
"dll.path": "keyword",
"dll.pe.file_version": "keyword",
"dll.pe.imphash": "keyword",
"dll.pe.original_file_name": "keyword",
"event.action": "keyword",
"event.category": "keyword",
"event.created": "keyword",
"event.id": "keyword",
"event.kind": "keyword",
"event.outcome": "keyword",
"event.type": "keyword",
"group.Ext.real.id": "long",
"group.Ext.real.name": "keyword",
"group.id": "long",
"group.name": "keyword",
"group.saved.id": "long",
"host.os.name": "keyword",
"host.os.type": "keyword",
"message": "keyword",
"process.Ext.ancestry": "keyword",
"process.code_signature.exists": "boolean",
"process.code_signature.signing_id": "keyword",
"process.code_signature.status": "keyword",
"process.code_signature.subject_name": "keyword",
"process.code_signature.team_id": "keyword",
"process.code_signature.trusted": "boolean",
"process.entity_id": "keyword",
"process.executable": "keyword",
"process.name": "keyword",
"process.parent.entity_id": "keyword",
"process.pid": "long",
"user.Ext.real.id": "long",
"user.Ext.real.name": "keyword",
"user.id": "long",
"user.name": "keyword",
"user.saved.id": "long"
},
"network": {
"at_timestamp": "date",
"destination.address": "keyword",
"destination.bytes": "integer",
"destination.ip": "keyword",
"destination.port": "long",
"event.action": "keyword",
"event.category": "keyword",
"event.created": "keyword",
"event.id": "keyword",
"event.kind": "keyword",
"event.outcome": "keyword",
"event.type": "keyword",
"group.Ext.real.id": "long",
"group.Ext.real.name": "keyword",
"group.id": "long",
"group.name": "keyword",
"group.saved.id": "long",
"host.os.name": "keyword",
"host.os.type": "keyword",
"message": "keyword",
"network.direction": "keyword",
"network.protocol": "keyword",
"network.transport": "keyword",
"network.type": "keyword",
"process.Ext.ancestry": "keyword",
"process.code_signature.exists": "boolean",
"process.code_signature.signing_id": "keyword",
"process.code_signature.status": "keyword",
"process.code_signature.subject_name": "keyword",
"process.code_signature.team_id": "keyword",
"process.code_signature.trusted": "boolean",
"process.entity_id": "keyword",
"process.executable": "keyword",
"process.name": "keyword",
"process.parent.entity_id": "keyword",
"process.pid": "long",
"source.address": "keyword",
"source.bytes": "integer",
"source.ip": "keyword",
"source.port": "long",
"user.Ext.real.id": "long",
"user.Ext.real.name": "keyword",
"user.id": "long",
"user.name": "keyword",
"user.saved.id": "long"
},
"persistence": {
"Persistence.args": "keyword",
"Persistence.executable": "keyword",
"Persistence.keepalive": "boolean",
"Persistence.name": "keyword",
"Persistence.path": "keyword",
"Persistence.runatload": "boolean",
"at_timestamp": "date",
"event.action": "keyword",
"event.category": "keyword",
"event.created": "keyword",
"event.id": "keyword",
"event.kind": "keyword",
"event.outcome": "keyword",
"event.type": "keyword",
"group.Ext.real.id": "long",
"group.Ext.real.name": "keyword",
"group.id": "long",
"group.name": "keyword",
"group.saved.id": "long",
"host.os.name": "keyword",
"host.os.type": "keyword",
"message": "keyword",
"process.Ext.ancestry": "keyword",
"process.code_signature.exists": "boolean",
"process.code_signature.signing_id": "keyword",
"process.code_signature.status": "keyword",
"process.code_signature.subject_name": "keyword",
"process.code_signature.team_id": "keyword",
"process.code_signature.trusted": "boolean",
"process.entity_id": "keyword",
"process.executable": "keyword",
"process.name": "keyword",
"process.parent.entity_id": "keyword",
"process.pid": "long",
"user.Ext.real.id": "long",
"user.Ext.real.name": "keyword",
"user.id": "long",
"user.name": "keyword",
"user.saved.id": "long"
},
"process": {
"Target.process.entity_id": "keyword",
"Target.process.executable": "keyword",
"Target.process.name": "keyword",
"Target.process.pid": "long",
"at_timestamp": "date",
"event.action": "keyword",
"event.category": "keyword",
"event.created": "keyword",
"event.id": "keyword",
"event.kind": "keyword",
"event.outcome": "keyword",
"event.type": "keyword",
"group.Ext.real.id": "long",
"group.Ext.real.name": "keyword",
"group.id": "long",
"group.name": "keyword",
"group.saved.id": "long",
"host.os.name": "keyword",
"host.os.type": "keyword",
"message": "keyword",
"process.Ext.ancestry": "keyword",
"process.Ext.effective_parent.entity_id": "keyword",
"process.Ext.effective_parent.executable": "keyword",
"process.Ext.effective_parent.name": "keyword",
"process.Ext.effective_parent.pid": "long",
"process.Ext.trusted": "boolean",
"process.Ext.trusted_descendant": "boolean",
"process.args": "keyword",
"process.args_count": "long",
"process.code_signature.exists": "boolean",
"process.code_signature.signing_id": "keyword",
"process.code_signature.status": "keyword",
"process.code_signature.subject_name": "keyword",
"process.code_signature.team_id": "keyword",
"process.code_signature.trusted": "boolean",
"process.command_line": "keyword",
"process.entity_id": "keyword",
"process.env_vars": "keyword",
"process.executable": "keyword",
"process.exit_code": "long",
"process.hash.md5": "keyword",
"process.hash.sha1": "keyword",
"process.hash.sha256": "keyword",
"process.name": "keyword",
"process.parent.args": "keyword",
"process.parent.args_count": "long",
"process.parent.command_line": "keyword",
"process.parent.entity_id": "keyword",
"process.parent.executable": "keyword",
"process.parent.name": "keyword",
"process.parent.pid": "long",
"process.pid": "long",
"process.working_directory": "keyword",
"user.Ext.real.id": "long",
"user.Ext.real.name": "keyword",
"user.id": "long",
"user.name": "keyword",
"user.saved.id": "long"
},
"session": {
"at_timestamp": "date",
"event.action": "keyword",
"event.category": "keyword",
"event.created": "keyword",
"event.id": "keyword",
"event.kind": "keyword",
"event.outcome": "keyword",
"event.type": "keyword",
"group.Ext.real.id": "long",
"group.Ext.real.name": "keyword",
"group.id": "long",
"group.name": "keyword",
"group.saved.id": "long",
"host.os.name": "keyword",
"host.os.type": "keyword",
"message": "keyword",
"process.Ext.ancestry": "keyword",
"process.code_signature.exists": "boolean",
"process.code_signature.signing_id": "keyword",
"process.code_signature.status": "keyword",
"process.code_signature.subject_name": "keyword",
"process.code_signature.team_id": "keyword",
"process.code_signature.trusted": "boolean",
"process.entity_id": "keyword",
"process.executable": "keyword",
"process.name": "keyword",
"process.parent.entity_id": "keyword",
"process.pid": "long",
"source.address": "keyword",
"user.Ext.real.id": "long",
"user.Ext.real.name": "keyword",
"user.id": "long",
"user.name": "keyword",
"user.saved.id": "long",
"user.target.id": "long",
"user.target.name": "keyword"
}
}
{
"authentication": {
"Effective_process.entity_id": "keyword",
"Effective_process.executable": "keyword",
"Effective_process.name": "keyword",
"Effective_process.pid": "long",
"at_timestamp": "date",
"event.action": "keyword",
"event.category": "keyword",
"event.created": "keyword",
"event.id": "keyword",
"event.kind": "keyword",
"event.outcome": "keyword",
"event.type": "keyword",
"host.os.name": "keyword",
"host.os.type": "keyword",
"message": "keyword",
"process.Ext.ancestry": "keyword",
"process.Ext.code_signature": "nested",
"process.code_signature.exists": "boolean",
"process.code_signature.status": "keyword",
"process.code_signature.subject_name": "keyword",
"process.code_signature.trusted": "boolean",
"process.entity_id": "keyword",
"process.executable": "keyword",
"process.name": "keyword",
"process.parent.entity_id": "keyword",
"process.pid": "long",
"process.thread.Ext.call_stack": "nested",
"process.thread.Ext.call_stack_contains_unbacked": "boolean",
"process.thread.Ext.call_stack_final_user_module.code_signature": "nested",
"process.thread.Ext.call_stack_final_user_module.hash.sha256": "keyword",
"process.thread.Ext.call_stack_final_user_module.name": "keyword",
"process.thread.Ext.call_stack_final_user_module.path": "keyword",
"process.thread.Ext.call_stack_summary": "keyword",
"process.thread.id": "long",
"source.address": "keyword",
"user.domain": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user.target.id": "long",
"user.target.name": "keyword"
},
"credential_access": {
"Effective_process.entity_id": "keyword",
"Effective_process.executable": "keyword",
"Effective_process.name": "keyword",
"Effective_process.pid": "long",
"Target.process.name": "keyword",
"Target.process.pid": "long",
"at_timestamp": "date",
"event.action": "keyword",
"event.category": "keyword",
"event.created": "keyword",
"event.id": "keyword",
"event.kind": "keyword",
"event.outcome": "keyword",
"event.type": "keyword",
"host.os.name": "keyword",
"host.os.type": "keyword",
"message": "keyword",
"process.Ext.ancestry": "keyword",
"process.Ext.api.name": "keyword",
"process.Ext.api.parameters.desired_access": "keyword",
"process.Ext.api.parameters.desired_access_numeric": "long",
"process.Ext.api.parameters.handle_type": "keyword",
"process.Ext.code_signature": "nested",
"process.code_signature.exists": "boolean",
"process.code_signature.status": "keyword",
"process.code_signature.subject_name": "keyword",
"process.code_signature.trusted": "boolean",
"process.entity_id": "keyword",
"process.executable": "keyword",
"process.name": "keyword",
"process.parent.entity_id": "keyword",
"process.pid": "long",
"process.thread.Ext.call_stack": "nested",
"process.thread.Ext.call_stack_contains_unbacked": "boolean",
"process.thread.Ext.call_stack_final_user_module.code_signature": "nested",
"process.thread.Ext.call_stack_final_user_module.hash.sha256": "keyword",
"process.thread.Ext.call_stack_final_user_module.name": "keyword",
"process.thread.Ext.call_stack_final_user_module.path": "keyword",
"process.thread.Ext.call_stack_summary": "keyword",
"process.thread.id": "long",
"user.domain": "keyword",
"user.id": "keyword",
"user.name": "keyword"
},
"dns": {
"Effective_process.entity_id": "keyword",
"Effective_process.executable": "keyword",
"Effective_process.name": "keyword",
"Effective_process.pid": "long",
"at_timestamp": "date",
"destination.port": "long",
"dns.Ext.options": "long",
"dns.Ext.status": "long",
"dns.question.name": "keyword",
"dns.question.type": "keyword",
"event.action": "keyword",
"event.category": "keyword",
"event.created": "keyword",
"event.id": "keyword",
"event.kind": "keyword",
"event.outcome": "keyword",
"event.type": "keyword",
"host.os.name": "keyword",
"host.os.type": "keyword",
"message": "keyword",
"network.destination.port": "long",
"network.protocol": "keyword",
"process.Ext.ancestry": "keyword",
"process.Ext.code_signature": "nested",
"process.code_signature.exists": "boolean",
"process.code_signature.status": "keyword",
"process.code_signature.subject_name": "keyword",
"process.code_signature.trusted": "boolean",
"process.entity_id": "keyword",
"process.executable": "keyword",
"process.name": "keyword",
"process.parent.entity_id": "keyword",
"process.pid": "long",
"process.thread.Ext.call_stack": "nested",
"process.thread.Ext.call_stack_contains_unbacked": "boolean",
"process.thread.Ext.call_stack_final_user_module.code_signature": "nested",
"process.thread.Ext.call_stack_final_user_module.hash.sha256": "keyword",
"process.thread.Ext.call_stack_final_user_module.name": "keyword",
"process.thread.Ext.call_stack_final_user_module.path": "keyword",
"process.thread.Ext.call_stack_summary": "keyword",
"process.thread.id": "long",
"user.domain": "keyword",
"user.id": "keyword",
"user.name": "keyword"
},
"file": {
"Effective_process.entity_id": "keyword",
"Effective_process.executable": "keyword",
"Effective_process.name": "keyword",
"Effective_process.pid": "long",
"at_timestamp": "date",
"event.action": "keyword",
"event.category": "keyword",
"event.created": "keyword",
"event.id": "keyword",
"event.kind": "keyword",
"event.outcome": "keyword",
"event.type": "keyword",
"file.Ext.device.bus_type": "keyword",
"file.Ext.device.dos_name": "keyword",
"file.Ext.device.file_system_type": "keyword",
"file.Ext.device.nt_name": "keyword",
"file.Ext.device.product_id": "keyword",
"file.Ext.device.serial_number": "keyword",
"file.Ext.device.vendor_id": "keyword",
"file.Ext.device.volume_device_type": "keyword",
"file.Ext.entropy": "float",
"file.Ext.header_bytes": "keyword",
"file.Ext.header_data": "text",
"file.Ext.monotonic_id": "long",
"file.Ext.original.name": "keyword",
"file.Ext.original.path": "keyword",
"file.Ext.windows.zone_identifier": "integer",
"file.extension": "keyword",
"file.hash.md5": "keyword",
"file.hash.sha1": "keyword",
"file.hash.sha256": "keyword",
"file.inode": "long",
"file.name": "keyword",
"file.path": "keyword",
"file.size": "integer",
"host.os.name": "keyword",
"host.os.type": "keyword",
"message": "keyword",
"process.Ext.ancestry": "keyword",
"process.Ext.code_signature": "nested",
"process.code_signature.exists": "boolean",
"process.code_signature.status": "keyword",
"process.code_signature.subject_name": "keyword",
"process.code_signature.trusted": "boolean",
"process.entity_id": "keyword",
"process.executable": "keyword",
"process.name": "keyword",
"process.parent.entity_id": "keyword",
"process.parent.pid": "long",
"process.pid": "long",
"process.thread.Ext.call_stack": "nested",
"process.thread.Ext.call_stack_contains_unbacked": "boolean",
"process.thread.Ext.call_stack_final_user_module.code_signature": "nested",
"process.thread.Ext.call_stack_final_user_module.hash.sha256": "keyword",
"process.thread.Ext.call_stack_final_user_module.name": "keyword",
"process.thread.Ext.call_stack_final_user_module.path": "keyword",
"process.thread.Ext.call_stack_summary": "keyword",
"process.thread.id": "long",
"user.domain": "keyword",
"user.id": "keyword",
"user.name": "keyword"
},
"library": {
"Effective_process.entity_id": "keyword",
"Effective_process.executable": "keyword",
"Effective_process.name": "keyword",
"Effective_process.pid": "long",
"at_timestamp": "date",
"dll.Ext.code_signature": "nested",
"dll.Ext.defense_evasions": "keyword",
"dll.Ext.device.bus_type": "keyword",
"dll.Ext.device.dos_name": "keyword",
"dll.Ext.device.file_system_type": "keyword",
"dll.Ext.device.nt_name": "keyword",
"dll.Ext.device.product_id": "keyword",
"dll.Ext.device.serial_number": "keyword",
"dll.Ext.device.vendor_id": "keyword",
"dll.Ext.device.volume_device_type": "keyword",
"dll.Ext.load_index": "long",
"dll.Ext.relative_file_creation_time": "float",
"dll.Ext.relative_file_name_modify_time": "float",
"dll.Ext.size": "long",
"dll.code_signature.exists": "boolean",
"dll.code_signature.status": "keyword",
"dll.code_signature.subject_name": "keyword",
"dll.code_signature.trusted": "boolean",
"dll.hash.md5": "keyword",
"dll.hash.sha1": "keyword",
"dll.hash.sha256": "keyword",
"dll.name": "keyword",
"dll.path": "keyword",
"dll.pe.file_version": "keyword",
"dll.pe.imphash": "keyword",
"dll.pe.original_file_name": "keyword",
"event.action": "keyword",
"event.category": "keyword",
"event.created": "keyword",
"event.id": "keyword",
"event.kind": "keyword",
"event.outcome": "keyword",
"event.type": "keyword",
"host.os.name": "keyword",
"host.os.type": "keyword",
"message": "keyword",
"process.Ext.ancestry": "keyword",
"process.Ext.code_signature": "nested",
"process.code_signature.exists": "boolean",
"process.code_signature.status": "keyword",
"process.code_signature.subject_name": "keyword",
"process.code_signature.trusted": "boolean",
"process.entity_id": "keyword",
"process.executable": "keyword",
"process.name": "keyword",
"process.parent.entity_id": "keyword",
"process.pid": "long",
"process.thread.Ext.call_stack": "nested",
"process.thread.Ext.call_stack_contains_unbacked": "boolean",
"process.thread.Ext.call_stack_final_user_module.code_signature": "nested",
"process.thread.Ext.call_stack_final_user_module.hash.sha256": "keyword",
"process.thread.Ext.call_stack_final_user_module.name": "keyword",
"process.thread.Ext.call_stack_final_user_module.path": "keyword",
"process.thread.Ext.call_stack_summary": "keyword",
"process.thread.id": "long",
"user.domain": "keyword",
"user.id": "keyword",
"user.name": "keyword"
},
"network": {
"Effective_process.entity_id": "keyword",
"Effective_process.executable": "keyword",
"Effective_process.name": "keyword",
"Effective_process.pid": "long",
"at_timestamp": "date",
"destination.address": "keyword",
"destination.bytes": "integer",
"destination.ip": "keyword",
"destination.port": "long",
"event.action": "keyword",
"event.category": "keyword",
"event.created": "keyword",
"event.id": "keyword",
"event.kind": "keyword",
"event.outcome": "keyword",
"event.type": "keyword",
"host.os.name": "keyword",
"host.os.type": "keyword",
"http.request.body.bytes": "long",
"http.request.body.content": "keyword",
"message": "keyword",
"network.direction": "keyword",
"network.protocol": "keyword",
"network.transport": "keyword",
"network.type": "keyword",
"process.Ext.ancestry": "keyword",
"process.Ext.code_signature": "nested",
"process.code_signature.exists": "boolean",
"process.code_signature.status": "keyword",
"process.code_signature.subject_name": "keyword",
"process.code_signature.trusted": "boolean",
"process.entity_id": "keyword",
"process.executable": "keyword",
"process.name": "keyword",
"process.parent.entity_id": "keyword",
"process.pid": "long",
"process.thread.Ext.call_stack": "nested",
"process.thread.Ext.call_stack_contains_unbacked": "boolean",
"process.thread.Ext.call_stack_final_user_module.code_signature": "nested",
"process.thread.Ext.call_stack_final_user_module.hash.sha256": "keyword",
"process.thread.Ext.call_stack_final_user_module.name": "keyword",
"process.thread.Ext.call_stack_final_user_module.path": "keyword",
"process.thread.Ext.call_stack_summary": "keyword",
"process.thread.id": "long",
"source.address": "keyword",
"source.bytes": "integer",
"source.ip": "keyword",
"source.port": "long",
"user.domain": "keyword",
"user.id": "keyword",
"user.name": "keyword"
},
"process": {
"Effective_process.entity_id": "keyword",
"Effective_process.executable": "keyword",
"Effective_process.name": "keyword",
"Effective_process.pid": "long",
"Target.process.entity_id": "keyword",
"Target.process.executable": "keyword",
"Target.process.name": "keyword",
"Target.process.pid": "long",
"at_timestamp": "date",
"event.action": "keyword",
"event.category": "keyword",
"event.created": "keyword",
"event.id": "keyword",
"event.kind": "keyword",
"event.outcome": "keyword",
"event.type": "keyword",
"host.os.name": "keyword",
"host.os.type": "keyword",
"message": "keyword",
"process.Ext.ancestry": "keyword",
"process.Ext.authentication_id": "keyword",
"process.Ext.code_signature": "nested",
"process.Ext.defense_evasions": "keyword",
"process.Ext.device.bus_type": "keyword",
"process.Ext.device.dos_name": "keyword",
"process.Ext.device.file_system_type": "keyword",
"process.Ext.device.nt_name": "keyword",
"process.Ext.device.product_id": "keyword",
"process.Ext.device.serial_number": "keyword",
"process.Ext.device.vendor_id": "keyword",
"process.Ext.device.volume_device_type": "keyword",
"process.Ext.effective_parent.entity_id": "keyword",
"process.Ext.effective_parent.executable": "keyword",
"process.Ext.effective_parent.name": "keyword",
"process.Ext.effective_parent.pid": "long",
"process.Ext.mitigation_policies": "keyword",
"process.Ext.protection": "keyword",
"process.Ext.relative_file_creation_time": "float",
"process.Ext.relative_file_name_modify_time": "float",
"process.Ext.session_info.authentication_package": "keyword",
"process.Ext.session_info.client_address": "keyword",
"process.Ext.session_info.id": "long",
"process.Ext.session_info.logon_type": "keyword",
"process.Ext.session_info.relative_logon_time": "float",
"process.Ext.session_info.relative_password_age": "float",
"process.Ext.session_info.user_flags": "keyword",
"process.Ext.token.elevation_level": "keyword",
"process.Ext.token.integrity_level_name": "keyword",
"process.Ext.token.security_attributes": "keyword",
"process.Ext.trusted": "boolean",
"process.Ext.trusted_descendant": "boolean",
"process.args": "keyword",
"process.args_count": "long",
"process.code_signature.exists": "boolean",
"process.code_signature.status": "keyword",
"process.code_signature.subject_name": "keyword",
"process.code_signature.trusted": "boolean",
"process.command_line": "keyword",
"process.entity_id": "keyword",
"process.executable": "keyword",
"process.exit_code": "long",
"process.hash.md5": "keyword",
"process.hash.sha1": "keyword",
"process.hash.sha256": "keyword",
"process.name": "keyword",
"process.parent.Ext.real.entity_id": "keyword",
"process.parent.Ext.real.pid": "long",
"process.parent.args": "keyword",
"process.parent.args_count": "long",
"process.parent.command_line": "keyword",
"process.parent.entity_id": "keyword",
"process.parent.executable": "keyword",
"process.parent.name": "keyword",
"process.parent.pid": "long",
"process.parent.thread.Ext.call_stack": "nested",
"process.parent.thread.Ext.call_stack_contains_unbacked": "boolean",
"process.parent.thread.Ext.call_stack_final_user_module.code_signature": "nested",
"process.parent.thread.Ext.call_stack_final_user_module.hash.sha256": "keyword",
"process.parent.thread.Ext.call_stack_final_user_module.name": "keyword",
"process.parent.thread.Ext.call_stack_final_user_module.path": "keyword",
"process.parent.thread.Ext.call_stack_summary": "keyword",
"process.pe.imphash": "keyword",
"process.pe.original_file_name": "keyword",
"process.pid": "long",
"process.thread.Ext.call_stack": "nested",
"process.thread.Ext.call_stack_contains_unbacked": "boolean",
"process.thread.Ext.call_stack_final_user_module.code_signature": "nested",
"process.thread.Ext.call_stack_final_user_module.hash.sha256": "keyword",
"process.thread.Ext.call_stack_final_user_module.name": "keyword",
"process.thread.Ext.call_stack_final_user_module.path": "keyword",
"process.thread.Ext.call_stack_summary": "keyword",
"process.thread.id": "long",
"process.working_directory": "keyword",
"user.domain": "keyword",
"user.id": "keyword",
"user.name": "keyword"
},
"registry": {
"Effective_process.entity_id": "keyword",
"Effective_process.executable": "keyword",
"Effective_process.name": "keyword",
"Effective_process.pid": "long",
"at_timestamp": "date",
"event.action": "keyword",
"event.category": "keyword",
"event.created": "keyword",
"event.id": "keyword",
"event.kind": "keyword",
"event.outcome": "keyword",
"event.type": "keyword",
"host.os.name": "keyword",
"host.os.type": "keyword",
"message": "keyword",
"process.Ext.ancestry": "keyword",
"process.Ext.code_signature": "nested",
"process.code_signature.exists": "boolean",
"process.code_signature.status": "keyword",
"process.code_signature.subject_name": "keyword",
"process.code_signature.trusted": "boolean",
"process.entity_id": "keyword",
"process.executable": "keyword",
"process.name": "keyword",
"process.parent.entity_id": "keyword",
"process.pid": "long",
"process.thread.Ext.call_stack": "nested",
"process.thread.Ext.call_stack_contains_unbacked": "boolean",
"process.thread.Ext.call_stack_final_user_module.code_signature": "nested",
"process.thread.Ext.call_stack_final_user_module.hash.sha256": "keyword",
"process.thread.Ext.call_stack_final_user_module.name": "keyword",
"process.thread.Ext.call_stack_final_user_module.path": "keyword",
"process.thread.Ext.call_stack_summary": "keyword",
"process.thread.id": "long",
"registry.data.bytes": "keyword",
"registry.data.strings": "keyword",
"registry.data.type": "keyword",
"registry.hive": "keyword",
"registry.key": "keyword",
"registry.path": "keyword",
"registry.value": "keyword",
"user.domain": "keyword",
"user.id": "keyword",
"user.name": "keyword"
},
"session": {
"Effective_process.entity_id": "keyword",
"Effective_process.executable": "keyword",
"Effective_process.name": "keyword",
"Effective_process.pid": "long",
"at_timestamp": "date",
"event.action": "keyword",
"event.category": "keyword",
"event.created": "keyword",
"event.id": "keyword",
"event.kind": "keyword",
"event.outcome": "keyword",
"event.type": "keyword",
"host.os.name": "keyword",
"host.os.type": "keyword",
"message": "keyword",
"process.Ext.ancestry": "keyword",
"process.Ext.code_signature": "nested",
"process.code_signature.exists": "boolean",
"process.code_signature.status": "keyword",
"process.code_signature.subject_name": "keyword",
"process.code_signature.trusted": "boolean",
"process.entity_id": "keyword",
"process.executable": "keyword",
"process.name": "keyword",
"process.parent.entity_id": "keyword",
"process.pid": "long",
"process.thread.Ext.call_stack": "nested",
"process.thread.Ext.call_stack_contains_unbacked": "boolean",
"process.thread.Ext.call_stack_final_user_module.code_signature": "nested",
"process.thread.Ext.call_stack_final_user_module.hash.sha256": "keyword",
"process.thread.Ext.call_stack_final_user_module.name": "keyword",
"process.thread.Ext.call_stack_final_user_module.path": "keyword",
"process.thread.Ext.call_stack_summary": "keyword",
"process.thread.id": "long",
"source.address": "keyword",
"user.domain": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user.target.id": "long",
"user.target.name": "keyword"
}
}
{
"apm": {
"7.16.0": {
"app_metrics": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.outcome": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"metricset.name": "keyword",
"network.connection.type": "keyword",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"observer.version_major": "byte",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.port": "long",
"system.cpu.total.norm.pct": "scaled_float",
"system.memory.actual.free": "long",
"system.memory.total": "long",
"system.process.cgroup.cpu.cfs.period.us": "long",
"system.process.cgroup.cpu.cfs.quota.us": "long",
"system.process.cgroup.cpu.id": "keyword",
"system.process.cgroup.cpu.stats.periods": "long",
"system.process.cgroup.cpu.stats.throttled.ns": "long",
"system.process.cgroup.cpu.stats.throttled.periods": "long",
"system.process.cgroup.cpuacct.id": "keyword",
"system.process.cgroup.cpuacct.total.ns": "long",
"system.process.cgroup.memory.mem.limit.bytes": "long",
"system.process.cgroup.memory.mem.usage.bytes": "long",
"system.process.cpu.total.norm.pct": "scaled_float",
"system.process.memory.rss.bytes": "long",
"system.process.memory.size": "long",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"error_logs": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"error.culprit": "keyword",
"error.exception.code": "keyword",
"error.exception.handled": "boolean",
"error.exception.message": "text",
"error.exception.module": "keyword",
"error.exception.type": "keyword",
"error.grouping_key": "keyword",
"error.grouping_name": "keyword",
"error.log.level": "keyword",
"error.log.logger_name": "keyword",
"error.log.message": "text",
"error.log.param_message": "keyword",
"event.outcome": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"http.request.headers": "object",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.finished": "boolean",
"http.response.headers": "object",
"http.response.status_code": "long",
"http.version": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"message": "match_only_text",
"network.carrier.icc": "keyword",
"network.carrier.mcc": "keyword",
"network.carrier.mnc": "keyword",
"network.carrier.name": "keyword",
"network.connection.subtype": "keyword",
"network.connection.type": "keyword",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"observer.version_major": "byte",
"parent.id": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.port": "long",
"span.id": "keyword",
"timestamp.us": "long",
"trace.id": "keyword",
"transaction.id": "keyword",
"transaction.sampled": "boolean",
"transaction.type": "keyword",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"internal_metrics": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.outcome": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"metricset.name": "keyword",
"network.connection.type": "keyword",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"observer.version_major": "byte",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.port": "long",
"span.destination.service.resource": "keyword",
"span.destination.service.response_time.count": "long",
"span.destination.service.response_time.sum.us": "long",
"span.self_time.count": "long",
"span.self_time.sum.us": "long",
"span.subtype": "keyword",
"span.type": "keyword",
"timeseries.instance": "keyword",
"transaction.duration.histogram": "histogram",
"transaction.name": "keyword",
"transaction.result": "keyword",
"transaction.root": "boolean",
"transaction.sampled": "boolean",
"transaction.self_time.count": "long",
"transaction.self_time.sum.us": "long",
"transaction.type": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"profile_metrics": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"network.connection.type": "keyword",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"observer.version_major": "byte",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"profile.alloc_objects.count": "long",
"profile.alloc_space.bytes": "long",
"profile.cpu.ns": "long",
"profile.duration": "long",
"profile.id": "keyword",
"profile.inuse_objects.count": "long",
"profile.inuse_space.bytes": "long",
"profile.samples.count": "long",
"profile.stack.filename": "keyword",
"profile.stack.function": "keyword",
"profile.stack.id": "keyword",
"profile.stack.line": "long",
"profile.top.filename": "keyword",
"profile.top.function": "keyword",
"profile.top.id": "keyword",
"profile.top.line": "long",
"profile.wall.us": "long",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.port": "long",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"sampled_traces": {
"@timestamp": "date",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"event.ingested": "date",
"observer.id": "keyword",
"trace.id": "keyword"
},
"traces": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"child.id": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.outcome": "keyword",
"faas.coldstart": "boolean",
"faas.execution": "keyword",
"faas.trigger.request_id": "keyword",
"faas.trigger.type": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"http.request.headers": "object",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.finished": "boolean",
"http.response.headers": "object",
"http.response.status_code": "long",
"http.version": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"network.carrier.icc": "keyword",
"network.carrier.mcc": "keyword",
"network.carrier.mnc": "keyword",
"network.carrier.name": "keyword",
"network.connection.subtype": "keyword",
"network.connection.type": "keyword",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"observer.version_major": "byte",
"parent.id": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.origin.id": "keyword",
"service.origin.name": "keyword",
"service.origin.version": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"session.id": "keyword",
"session.sequence": "long",
"source.domain": "keyword",
"source.ip": "ip",
"source.port": "long",
"span.action": "keyword",
"span.composite.compression_strategy": "keyword",
"span.composite.count": "long",
"span.composite.sum.us": "long",
"span.db.link": "keyword",
"span.db.rows_affected": "long",
"span.destination.service.name": "keyword",
"span.destination.service.resource": "keyword",
"span.destination.service.type": "keyword",
"span.duration.us": "long",
"span.id": "keyword",
"span.kind": "keyword",
"span.message.age.ms": "long",
"span.message.queue.name": "keyword",
"span.name": "keyword",
"span.start.us": "long",
"span.subtype": "keyword",
"span.sync": "boolean",
"span.type": "keyword",
"timestamp.us": "long",
"trace.id": "keyword",
"transaction.duration.us": "long",
"transaction.experience.cls": "scaled_float",
"transaction.experience.fid": "scaled_float",
"transaction.experience.longtask.count": "long",
"transaction.experience.longtask.max": "scaled_float",
"transaction.experience.longtask.sum": "scaled_float",
"transaction.experience.tbt": "scaled_float",
"transaction.id": "keyword",
"transaction.marks": "object",
"transaction.message.age.ms": "long",
"transaction.message.queue.name": "keyword",
"transaction.name": "keyword",
"transaction.result": "keyword",
"transaction.sampled": "boolean",
"transaction.span_count.dropped": "long",
"transaction.type": "keyword",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
}
},
"7.16.1": {
"app_metrics": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.outcome": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"metricset.name": "keyword",
"network.connection.type": "keyword",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"observer.version_major": "byte",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.port": "long",
"system.cpu.total.norm.pct": "scaled_float",
"system.memory.actual.free": "long",
"system.memory.total": "long",
"system.process.cgroup.cpu.cfs.period.us": "long",
"system.process.cgroup.cpu.cfs.quota.us": "long",
"system.process.cgroup.cpu.id": "keyword",
"system.process.cgroup.cpu.stats.periods": "long",
"system.process.cgroup.cpu.stats.throttled.ns": "long",
"system.process.cgroup.cpu.stats.throttled.periods": "long",
"system.process.cgroup.cpuacct.id": "keyword",
"system.process.cgroup.cpuacct.total.ns": "long",
"system.process.cgroup.memory.mem.limit.bytes": "long",
"system.process.cgroup.memory.mem.usage.bytes": "long",
"system.process.cpu.total.norm.pct": "scaled_float",
"system.process.memory.rss.bytes": "long",
"system.process.memory.size": "long",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"error_logs": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"error.culprit": "keyword",
"error.exception.code": "keyword",
"error.exception.handled": "boolean",
"error.exception.message": "text",
"error.exception.module": "keyword",
"error.exception.type": "keyword",
"error.grouping_key": "keyword",
"error.grouping_name": "keyword",
"error.log.level": "keyword",
"error.log.logger_name": "keyword",
"error.log.message": "text",
"error.log.param_message": "keyword",
"event.outcome": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"http.request.headers": "object",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.finished": "boolean",
"http.response.headers": "object",
"http.response.status_code": "long",
"http.version": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"message": "match_only_text",
"network.carrier.icc": "keyword",
"network.carrier.mcc": "keyword",
"network.carrier.mnc": "keyword",
"network.carrier.name": "keyword",
"network.connection.subtype": "keyword",
"network.connection.type": "keyword",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"observer.version_major": "byte",
"parent.id": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.port": "long",
"span.id": "keyword",
"timestamp.us": "long",
"trace.id": "keyword",
"transaction.id": "keyword",
"transaction.sampled": "boolean",
"transaction.type": "keyword",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"internal_metrics": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"agent_config_applied": "long",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.outcome": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"metricset.name": "keyword",
"network.connection.type": "keyword",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"observer.version_major": "byte",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.port": "long",
"span.destination.service.resource": "keyword",
"span.destination.service.response_time.count": "long",
"span.destination.service.response_time.sum.us": "long",
"span.self_time.count": "long",
"span.self_time.sum.us": "long",
"span.subtype": "keyword",
"span.type": "keyword",
"timeseries.instance": "keyword",
"transaction.duration.histogram": "histogram",
"transaction.name": "keyword",
"transaction.result": "keyword",
"transaction.root": "boolean",
"transaction.sampled": "boolean",
"transaction.self_time.count": "long",
"transaction.self_time.sum.us": "long",
"transaction.type": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"profile_metrics": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"network.connection.type": "keyword",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"observer.version_major": "byte",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"profile.alloc_objects.count": "long",
"profile.alloc_space.bytes": "long",
"profile.cpu.ns": "long",
"profile.duration": "long",
"profile.id": "keyword",
"profile.inuse_objects.count": "long",
"profile.inuse_space.bytes": "long",
"profile.samples.count": "long",
"profile.stack.filename": "keyword",
"profile.stack.function": "keyword",
"profile.stack.id": "keyword",
"profile.stack.line": "long",
"profile.top.filename": "keyword",
"profile.top.function": "keyword",
"profile.top.id": "keyword",
"profile.top.line": "long",
"profile.wall.us": "long",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.port": "long",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"sampled_traces": {
"@timestamp": "date",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"event.ingested": "date",
"observer.id": "keyword",
"trace.id": "keyword"
},
"traces": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"child.id": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.outcome": "keyword",
"faas.coldstart": "boolean",
"faas.execution": "keyword",
"faas.trigger.request_id": "keyword",
"faas.trigger.type": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"http.request.headers": "object",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.finished": "boolean",
"http.response.headers": "object",
"http.response.status_code": "long",
"http.version": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"network.carrier.icc": "keyword",
"network.carrier.mcc": "keyword",
"network.carrier.mnc": "keyword",
"network.carrier.name": "keyword",
"network.connection.subtype": "keyword",
"network.connection.type": "keyword",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"observer.version_major": "byte",
"parent.id": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.origin.id": "keyword",
"service.origin.name": "keyword",
"service.origin.version": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"session.id": "keyword",
"session.sequence": "long",
"source.domain": "keyword",
"source.ip": "ip",
"source.port": "long",
"span.action": "keyword",
"span.composite.compression_strategy": "keyword",
"span.composite.count": "long",
"span.composite.sum.us": "long",
"span.db.link": "keyword",
"span.db.rows_affected": "long",
"span.destination.service.name": "keyword",
"span.destination.service.resource": "keyword",
"span.destination.service.type": "keyword",
"span.duration.us": "long",
"span.id": "keyword",
"span.kind": "keyword",
"span.message.age.ms": "long",
"span.message.queue.name": "keyword",
"span.name": "keyword",
"span.start.us": "long",
"span.subtype": "keyword",
"span.sync": "boolean",
"span.type": "keyword",
"timestamp.us": "long",
"trace.id": "keyword",
"transaction.duration.us": "long",
"transaction.experience.cls": "scaled_float",
"transaction.experience.fid": "scaled_float",
"transaction.experience.longtask.count": "long",
"transaction.experience.longtask.max": "scaled_float",
"transaction.experience.longtask.sum": "scaled_float",
"transaction.experience.tbt": "scaled_float",
"transaction.id": "keyword",
"transaction.marks": "object",
"transaction.message.age.ms": "long",
"transaction.message.queue.name": "keyword",
"transaction.name": "keyword",
"transaction.result": "keyword",
"transaction.sampled": "boolean",
"transaction.span_count.dropped": "long",
"transaction.type": "keyword",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
}
},
"7.16.2": {
"app_logs": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.action": "keyword",
"event.outcome": "keyword",
"event.severity": "long",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"http.request.headers": "object",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.finished": "boolean",
"http.response.headers": "object",
"http.response.status_code": "long",
"http.version": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"log.level": "keyword",
"message": "match_only_text",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"observer.version_major": "byte",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.port": "long",
"span.id": "keyword",
"trace.id": "keyword",
"transaction.id": "keyword",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"app_metrics": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.outcome": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"metricset.name": "keyword",
"network.connection.type": "keyword",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"observer.version_major": "byte",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.port": "long",
"system.cpu.total.norm.pct": "scaled_float",
"system.memory.actual.free": "long",
"system.memory.total": "long",
"system.process.cgroup.cpu.cfs.period.us": "long",
"system.process.cgroup.cpu.cfs.quota.us": "long",
"system.process.cgroup.cpu.id": "keyword",
"system.process.cgroup.cpu.stats.periods": "long",
"system.process.cgroup.cpu.stats.throttled.ns": "long",
"system.process.cgroup.cpu.stats.throttled.periods": "long",
"system.process.cgroup.cpuacct.id": "keyword",
"system.process.cgroup.cpuacct.total.ns": "long",
"system.process.cgroup.memory.mem.limit.bytes": "long",
"system.process.cgroup.memory.mem.usage.bytes": "long",
"system.process.cpu.total.norm.pct": "scaled_float",
"system.process.memory.rss.bytes": "long",
"system.process.memory.size": "long",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"error_logs": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"error.culprit": "keyword",
"error.exception.code": "keyword",
"error.exception.handled": "boolean",
"error.exception.message": "text",
"error.exception.module": "keyword",
"error.exception.type": "keyword",
"error.grouping_key": "keyword",
"error.grouping_name": "keyword",
"error.log.level": "keyword",
"error.log.logger_name": "keyword",
"error.log.message": "text",
"error.log.param_message": "keyword",
"event.outcome": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"http.request.headers": "object",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.finished": "boolean",
"http.response.headers": "object",
"http.response.status_code": "long",
"http.version": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"message": "match_only_text",
"network.carrier.icc": "keyword",
"network.carrier.mcc": "keyword",
"network.carrier.mnc": "keyword",
"network.carrier.name": "keyword",
"network.connection.subtype": "keyword",
"network.connection.type": "keyword",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"observer.version_major": "byte",
"parent.id": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.port": "long",
"span.id": "keyword",
"timestamp.us": "long",
"trace.id": "keyword",
"transaction.id": "keyword",
"transaction.sampled": "boolean",
"transaction.type": "keyword",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"internal_metrics": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"agent_config_applied": "long",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.outcome": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"metricset.name": "keyword",
"network.connection.type": "keyword",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"observer.version_major": "byte",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.port": "long",
"span.destination.service.resource": "keyword",
"span.destination.service.response_time.count": "long",
"span.destination.service.response_time.sum.us": "long",
"span.self_time.count": "long",
"span.self_time.sum.us": "long",
"span.subtype": "keyword",
"span.type": "keyword",
"timeseries.instance": "keyword",
"transaction.duration.histogram": "histogram",
"transaction.name": "keyword",
"transaction.result": "keyword",
"transaction.root": "boolean",
"transaction.sampled": "boolean",
"transaction.self_time.count": "long",
"transaction.self_time.sum.us": "long",
"transaction.type": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"profile_metrics": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"network.connection.type": "keyword",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"observer.version_major": "byte",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"profile.alloc_objects.count": "long",
"profile.alloc_space.bytes": "long",
"profile.cpu.ns": "long",
"profile.duration": "long",
"profile.id": "keyword",
"profile.inuse_objects.count": "long",
"profile.inuse_space.bytes": "long",
"profile.samples.count": "long",
"profile.stack.filename": "keyword",
"profile.stack.function": "keyword",
"profile.stack.id": "keyword",
"profile.stack.line": "long",
"profile.top.filename": "keyword",
"profile.top.function": "keyword",
"profile.top.id": "keyword",
"profile.top.line": "long",
"profile.wall.us": "long",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.port": "long",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"sampled_traces": {
"@timestamp": "date",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"event.ingested": "date",
"observer.id": "keyword",
"trace.id": "keyword"
},
"traces": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"child.id": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.outcome": "keyword",
"faas.coldstart": "boolean",
"faas.execution": "keyword",
"faas.trigger.request_id": "keyword",
"faas.trigger.type": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"http.request.headers": "object",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.finished": "boolean",
"http.response.headers": "object",
"http.response.status_code": "long",
"http.version": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"network.carrier.icc": "keyword",
"network.carrier.mcc": "keyword",
"network.carrier.mnc": "keyword",
"network.carrier.name": "keyword",
"network.connection.subtype": "keyword",
"network.connection.type": "keyword",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"observer.version_major": "byte",
"parent.id": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.origin.id": "keyword",
"service.origin.name": "keyword",
"service.origin.version": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"session.id": "keyword",
"session.sequence": "long",
"source.domain": "keyword",
"source.ip": "ip",
"source.port": "long",
"span.action": "keyword",
"span.composite.compression_strategy": "keyword",
"span.composite.count": "long",
"span.composite.sum.us": "long",
"span.db.link": "keyword",
"span.db.rows_affected": "long",
"span.destination.service.name": "keyword",
"span.destination.service.resource": "keyword",
"span.destination.service.type": "keyword",
"span.duration.us": "long",
"span.id": "keyword",
"span.kind": "keyword",
"span.message.age.ms": "long",
"span.message.queue.name": "keyword",
"span.name": "keyword",
"span.start.us": "long",
"span.subtype": "keyword",
"span.sync": "boolean",
"span.type": "keyword",
"timestamp.us": "long",
"trace.id": "keyword",
"transaction.duration.us": "long",
"transaction.experience.cls": "scaled_float",
"transaction.experience.fid": "scaled_float",
"transaction.experience.longtask.count": "long",
"transaction.experience.longtask.max": "scaled_float",
"transaction.experience.longtask.sum": "scaled_float",
"transaction.experience.tbt": "scaled_float",
"transaction.id": "keyword",
"transaction.marks": "object",
"transaction.message.age.ms": "long",
"transaction.message.queue.name": "keyword",
"transaction.name": "keyword",
"transaction.result": "keyword",
"transaction.sampled": "boolean",
"transaction.span_count.dropped": "long",
"transaction.type": "keyword",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
}
},
"7.17.0": {
"app_logs": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.action": "keyword",
"event.outcome": "keyword",
"event.severity": "long",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"http.request.headers": "object",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.finished": "boolean",
"http.response.headers": "object",
"http.response.status_code": "long",
"http.version": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"log.level": "keyword",
"message": "match_only_text",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"observer.version_major": "byte",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.port": "long",
"span.id": "keyword",
"trace.id": "keyword",
"transaction.id": "keyword",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"app_metrics": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.outcome": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"metricset.name": "keyword",
"network.connection.type": "keyword",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"observer.version_major": "byte",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.port": "long",
"system.cpu.total.norm.pct": "scaled_float",
"system.memory.actual.free": "long",
"system.memory.total": "long",
"system.process.cgroup.cpu.cfs.period.us": "long",
"system.process.cgroup.cpu.cfs.quota.us": "long",
"system.process.cgroup.cpu.id": "keyword",
"system.process.cgroup.cpu.stats.periods": "long",
"system.process.cgroup.cpu.stats.throttled.ns": "long",
"system.process.cgroup.cpu.stats.throttled.periods": "long",
"system.process.cgroup.cpuacct.id": "keyword",
"system.process.cgroup.cpuacct.total.ns": "long",
"system.process.cgroup.memory.mem.limit.bytes": "long",
"system.process.cgroup.memory.mem.usage.bytes": "long",
"system.process.cpu.total.norm.pct": "scaled_float",
"system.process.memory.rss.bytes": "long",
"system.process.memory.size": "long",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"error_logs": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"error.culprit": "keyword",
"error.exception.code": "keyword",
"error.exception.handled": "boolean",
"error.exception.message": "text",
"error.exception.module": "keyword",
"error.exception.type": "keyword",
"error.grouping_key": "keyword",
"error.grouping_name": "keyword",
"error.id": "keyword",
"error.log.level": "keyword",
"error.log.logger_name": "keyword",
"error.log.message": "text",
"error.log.param_message": "keyword",
"event.outcome": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"http.request.headers": "object",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.finished": "boolean",
"http.response.headers": "object",
"http.response.status_code": "long",
"http.version": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"message": "match_only_text",
"network.carrier.icc": "keyword",
"network.carrier.mcc": "keyword",
"network.carrier.mnc": "keyword",
"network.carrier.name": "keyword",
"network.connection.subtype": "keyword",
"network.connection.type": "keyword",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"observer.version_major": "byte",
"parent.id": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.port": "long",
"span.id": "keyword",
"timestamp.us": "long",
"trace.id": "keyword",
"transaction.id": "keyword",
"transaction.sampled": "boolean",
"transaction.type": "keyword",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"internal_metrics": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"agent_config_applied": "long",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.outcome": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"metricset.name": "keyword",
"network.connection.type": "keyword",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"observer.version_major": "byte",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.port": "long",
"span.destination.service.resource": "keyword",
"span.destination.service.response_time.count": "long",
"span.destination.service.response_time.sum.us": "long",
"span.self_time.count": "long",
"span.self_time.sum.us": "long",
"span.subtype": "keyword",
"span.type": "keyword",
"timeseries.instance": "keyword",
"transaction.duration.histogram": "histogram",
"transaction.name": "keyword",
"transaction.result": "keyword",
"transaction.root": "boolean",
"transaction.sampled": "boolean",
"transaction.self_time.count": "long",
"transaction.self_time.sum.us": "long",
"transaction.type": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"profile_metrics": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"network.connection.type": "keyword",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"observer.version_major": "byte",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"profile.alloc_objects.count": "long",
"profile.alloc_space.bytes": "long",
"profile.cpu.ns": "long",
"profile.duration": "long",
"profile.id": "keyword",
"profile.inuse_objects.count": "long",
"profile.inuse_space.bytes": "long",
"profile.samples.count": "long",
"profile.stack.filename": "keyword",
"profile.stack.function": "keyword",
"profile.stack.id": "keyword",
"profile.stack.line": "long",
"profile.top.filename": "keyword",
"profile.top.function": "keyword",
"profile.top.id": "keyword",
"profile.top.line": "long",
"profile.wall.us": "long",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.port": "long",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"sampled_traces": {
"@timestamp": "date",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"event.ingested": "date",
"observer.id": "keyword",
"trace.id": "keyword"
},
"traces": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"child.id": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.outcome": "keyword",
"faas.coldstart": "boolean",
"faas.execution": "keyword",
"faas.trigger.request_id": "keyword",
"faas.trigger.type": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"http.request.headers": "object",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.finished": "boolean",
"http.response.headers": "object",
"http.response.status_code": "long",
"http.version": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"network.carrier.icc": "keyword",
"network.carrier.mcc": "keyword",
"network.carrier.mnc": "keyword",
"network.carrier.name": "keyword",
"network.connection.subtype": "keyword",
"network.connection.type": "keyword",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"observer.version_major": "byte",
"parent.id": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.origin.id": "keyword",
"service.origin.name": "keyword",
"service.origin.version": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"session.id": "keyword",
"session.sequence": "long",
"source.domain": "keyword",
"source.ip": "ip",
"source.port": "long",
"span.action": "keyword",
"span.composite.compression_strategy": "keyword",
"span.composite.count": "long",
"span.composite.sum.us": "long",
"span.db.link": "keyword",
"span.db.rows_affected": "long",
"span.destination.service.name": "keyword",
"span.destination.service.resource": "keyword",
"span.destination.service.type": "keyword",
"span.duration.us": "long",
"span.id": "keyword",
"span.kind": "keyword",
"span.message.age.ms": "long",
"span.message.queue.name": "keyword",
"span.name": "keyword",
"span.start.us": "long",
"span.subtype": "keyword",
"span.sync": "boolean",
"span.type": "keyword",
"timestamp.us": "long",
"trace.id": "keyword",
"transaction.duration.us": "long",
"transaction.experience.cls": "scaled_float",
"transaction.experience.fid": "scaled_float",
"transaction.experience.longtask.count": "long",
"transaction.experience.longtask.max": "scaled_float",
"transaction.experience.longtask.sum": "scaled_float",
"transaction.experience.tbt": "scaled_float",
"transaction.id": "keyword",
"transaction.marks": "object",
"transaction.message.age.ms": "long",
"transaction.message.queue.name": "keyword",
"transaction.name": "keyword",
"transaction.result": "keyword",
"transaction.sampled": "boolean",
"transaction.span_count.dropped": "long",
"transaction.type": "keyword",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
}
},
"8.0.0": {
"app_logs": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.action": "keyword",
"event.outcome": "keyword",
"event.severity": "long",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"http.request.headers": "object",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.finished": "boolean",
"http.response.headers": "object",
"http.response.status_code": "long",
"http.version": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"log.level": "keyword",
"message": "match_only_text",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"observer.version_major": "byte",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.port": "long",
"span.id": "keyword",
"trace.id": "keyword",
"transaction.id": "keyword",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"app_metrics": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.outcome": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"metricset.name": "keyword",
"network.connection.type": "keyword",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"observer.version_major": "byte",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.port": "long",
"system.cpu.total.norm.pct": "scaled_float",
"system.memory.actual.free": "long",
"system.memory.total": "long",
"system.process.cgroup.cpu.cfs.period.us": "long",
"system.process.cgroup.cpu.cfs.quota.us": "long",
"system.process.cgroup.cpu.id": "keyword",
"system.process.cgroup.cpu.stats.periods": "long",
"system.process.cgroup.cpu.stats.throttled.ns": "long",
"system.process.cgroup.cpu.stats.throttled.periods": "long",
"system.process.cgroup.cpuacct.id": "keyword",
"system.process.cgroup.cpuacct.total.ns": "long",
"system.process.cgroup.memory.mem.limit.bytes": "long",
"system.process.cgroup.memory.mem.usage.bytes": "long",
"system.process.cpu.total.norm.pct": "scaled_float",
"system.process.memory.rss.bytes": "long",
"system.process.memory.size": "long",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"error_logs": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"error.culprit": "keyword",
"error.exception.code": "keyword",
"error.exception.handled": "boolean",
"error.exception.message": "text",
"error.exception.module": "keyword",
"error.exception.type": "keyword",
"error.grouping_key": "keyword",
"error.grouping_name": "keyword",
"error.id": "keyword",
"error.log.level": "keyword",
"error.log.logger_name": "keyword",
"error.log.message": "text",
"error.log.param_message": "keyword",
"event.outcome": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"http.request.headers": "object",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.finished": "boolean",
"http.response.headers": "object",
"http.response.status_code": "long",
"http.version": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"message": "match_only_text",
"network.carrier.icc": "keyword",
"network.carrier.mcc": "keyword",
"network.carrier.mnc": "keyword",
"network.carrier.name": "keyword",
"network.connection.subtype": "keyword",
"network.connection.type": "keyword",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"observer.version_major": "byte",
"parent.id": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.port": "long",
"span.id": "keyword",
"timestamp.us": "long",
"trace.id": "keyword",
"transaction.id": "keyword",
"transaction.name": "keyword",
"transaction.sampled": "boolean",
"transaction.type": "keyword",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"internal_metrics": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"agent_config_applied": "long",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.outcome": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"metricset.name": "keyword",
"network.connection.type": "keyword",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"observer.version_major": "byte",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.port": "long",
"span.destination.service.resource": "keyword",
"span.destination.service.response_time.count": "long",
"span.destination.service.response_time.sum.us": "long",
"span.self_time.count": "long",
"span.self_time.sum.us": "long",
"span.subtype": "keyword",
"span.type": "keyword",
"timeseries.instance": "keyword",
"transaction.duration.histogram": "histogram",
"transaction.name": "keyword",
"transaction.result": "keyword",
"transaction.root": "boolean",
"transaction.sampled": "boolean",
"transaction.self_time.count": "long",
"transaction.self_time.sum.us": "long",
"transaction.type": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"profile_metrics": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"network.connection.type": "keyword",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"observer.version_major": "byte",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"profile.alloc_objects.count": "long",
"profile.alloc_space.bytes": "long",
"profile.cpu.ns": "long",
"profile.duration": "long",
"profile.id": "keyword",
"profile.inuse_objects.count": "long",
"profile.inuse_space.bytes": "long",
"profile.samples.count": "long",
"profile.stack.filename": "keyword",
"profile.stack.function": "keyword",
"profile.stack.id": "keyword",
"profile.stack.line": "long",
"profile.top.filename": "keyword",
"profile.top.function": "keyword",
"profile.top.id": "keyword",
"profile.top.line": "long",
"profile.wall.us": "long",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.port": "long",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"rum_traces": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"child.id": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.outcome": "keyword",
"faas.coldstart": "boolean",
"faas.execution": "keyword",
"faas.id": "keyword",
"faas.trigger.request_id": "keyword",
"faas.trigger.type": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"http.request.headers": "object",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.finished": "boolean",
"http.response.headers": "object",
"http.response.status_code": "long",
"http.version": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"network.carrier.icc": "keyword",
"network.carrier.mcc": "keyword",
"network.carrier.mnc": "keyword",
"network.carrier.name": "keyword",
"network.connection.subtype": "keyword",
"network.connection.type": "keyword",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"observer.version_major": "byte",
"parent.id": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.origin.id": "keyword",
"service.origin.name": "keyword",
"service.origin.version": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"session.id": "keyword",
"session.sequence": "long",
"source.domain": "keyword",
"source.ip": "ip",
"source.port": "long",
"span.action": "keyword",
"span.composite.compression_strategy": "keyword",
"span.composite.count": "long",
"span.composite.sum.us": "long",
"span.db.link": "keyword",
"span.db.rows_affected": "long",
"span.destination.service.name": "keyword",
"span.destination.service.resource": "keyword",
"span.destination.service.type": "keyword",
"span.duration.us": "long",
"span.id": "keyword",
"span.kind": "keyword",
"span.message.age.ms": "long",
"span.message.queue.name": "keyword",
"span.name": "keyword",
"span.subtype": "keyword",
"span.sync": "boolean",
"span.type": "keyword",
"timestamp.us": "long",
"trace.id": "keyword",
"transaction.duration.us": "long",
"transaction.experience.cls": "scaled_float",
"transaction.experience.fid": "scaled_float",
"transaction.experience.longtask.count": "long",
"transaction.experience.longtask.max": "scaled_float",
"transaction.experience.longtask.sum": "scaled_float",
"transaction.experience.tbt": "scaled_float",
"transaction.id": "keyword",
"transaction.marks": "object",
"transaction.message.age.ms": "long",
"transaction.message.queue.name": "keyword",
"transaction.name": "keyword",
"transaction.result": "keyword",
"transaction.sampled": "boolean",
"transaction.span_count.dropped": "long",
"transaction.type": "keyword",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"sampled_traces": {
"@timestamp": "date",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"event.ingested": "date",
"observer.id": "keyword",
"trace.id": "keyword"
},
"traces": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"child.id": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.outcome": "keyword",
"faas.coldstart": "boolean",
"faas.execution": "keyword",
"faas.id": "keyword",
"faas.trigger.request_id": "keyword",
"faas.trigger.type": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"http.request.headers": "object",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.finished": "boolean",
"http.response.headers": "object",
"http.response.status_code": "long",
"http.version": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"network.carrier.icc": "keyword",
"network.carrier.mcc": "keyword",
"network.carrier.mnc": "keyword",
"network.carrier.name": "keyword",
"network.connection.subtype": "keyword",
"network.connection.type": "keyword",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"observer.version_major": "byte",
"parent.id": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.origin.id": "keyword",
"service.origin.name": "keyword",
"service.origin.version": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"session.id": "keyword",
"session.sequence": "long",
"source.domain": "keyword",
"source.ip": "ip",
"source.port": "long",
"span.action": "keyword",
"span.composite.compression_strategy": "keyword",
"span.composite.count": "long",
"span.composite.sum.us": "long",
"span.db.link": "keyword",
"span.db.rows_affected": "long",
"span.destination.service.name": "keyword",
"span.destination.service.resource": "keyword",
"span.destination.service.type": "keyword",
"span.duration.us": "long",
"span.id": "keyword",
"span.kind": "keyword",
"span.message.age.ms": "long",
"span.message.queue.name": "keyword",
"span.name": "keyword",
"span.subtype": "keyword",
"span.sync": "boolean",
"span.type": "keyword",
"timestamp.us": "long",
"trace.id": "keyword",
"transaction.duration.us": "long",
"transaction.experience.cls": "scaled_float",
"transaction.experience.fid": "scaled_float",
"transaction.experience.longtask.count": "long",
"transaction.experience.longtask.max": "scaled_float",
"transaction.experience.longtask.sum": "scaled_float",
"transaction.experience.tbt": "scaled_float",
"transaction.id": "keyword",
"transaction.marks": "object",
"transaction.message.age.ms": "long",
"transaction.message.queue.name": "keyword",
"transaction.name": "keyword",
"transaction.result": "keyword",
"transaction.sampled": "boolean",
"transaction.span_count.dropped": "long",
"transaction.type": "keyword",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
}
},
"8.1.0": {
"app_logs": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.action": "keyword",
"event.outcome": "keyword",
"event.severity": "long",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"http.request.headers": "object",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.finished": "boolean",
"http.response.headers": "object",
"http.response.status_code": "long",
"http.version": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"log.level": "keyword",
"message": "match_only_text",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"observer.version_major": "byte",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.port": "long",
"span.id": "keyword",
"trace.id": "keyword",
"transaction.id": "keyword",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"app_metrics": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.outcome": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"metricset.name": "keyword",
"network.connection.type": "keyword",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"observer.version_major": "byte",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.port": "long",
"system.cpu.total.norm.pct": "scaled_float",
"system.memory.actual.free": "long",
"system.memory.total": "long",
"system.process.cgroup.cpu.cfs.period.us": "long",
"system.process.cgroup.cpu.cfs.quota.us": "long",
"system.process.cgroup.cpu.id": "keyword",
"system.process.cgroup.cpu.stats.periods": "long",
"system.process.cgroup.cpu.stats.throttled.ns": "long",
"system.process.cgroup.cpu.stats.throttled.periods": "long",
"system.process.cgroup.cpuacct.id": "keyword",
"system.process.cgroup.cpuacct.total.ns": "long",
"system.process.cgroup.memory.mem.limit.bytes": "long",
"system.process.cgroup.memory.mem.usage.bytes": "long",
"system.process.cpu.total.norm.pct": "scaled_float",
"system.process.memory.rss.bytes": "long",
"system.process.memory.size": "long",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"error_logs": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"error.culprit": "keyword",
"error.exception.code": "keyword",
"error.exception.handled": "boolean",
"error.exception.message": "text",
"error.exception.module": "keyword",
"error.exception.type": "keyword",
"error.grouping_key": "keyword",
"error.grouping_name": "keyword",
"error.id": "keyword",
"error.log.level": "keyword",
"error.log.logger_name": "keyword",
"error.log.message": "text",
"error.log.param_message": "keyword",
"event.outcome": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"http.request.headers": "object",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.finished": "boolean",
"http.response.headers": "object",
"http.response.status_code": "long",
"http.version": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"message": "match_only_text",
"network.carrier.icc": "keyword",
"network.carrier.mcc": "keyword",
"network.carrier.mnc": "keyword",
"network.carrier.name": "keyword",
"network.connection.subtype": "keyword",
"network.connection.type": "keyword",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"observer.version_major": "byte",
"parent.id": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.port": "long",
"span.id": "keyword",
"timestamp.us": "long",
"trace.id": "keyword",
"transaction.id": "keyword",
"transaction.name": "keyword",
"transaction.sampled": "boolean",
"transaction.type": "keyword",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"internal_metrics": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"agent_config_applied": "long",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.outcome": "keyword",
"faas.coldstart": "boolean",
"faas.id": "keyword",
"faas.trigger.type": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"metricset.name": "keyword",
"network.connection.type": "keyword",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"observer.version_major": "byte",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.port": "long",
"span.destination.service.resource": "keyword",
"span.destination.service.response_time.count": "long",
"span.destination.service.response_time.sum.us": "long",
"span.self_time.count": "long",
"span.self_time.sum.us": "long",
"span.subtype": "keyword",
"span.type": "keyword",
"timeseries.instance": "keyword",
"transaction.duration.histogram": "histogram",
"transaction.name": "keyword",
"transaction.result": "keyword",
"transaction.root": "boolean",
"transaction.sampled": "boolean",
"transaction.self_time.count": "long",
"transaction.self_time.sum.us": "long",
"transaction.type": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"profile_metrics": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"network.connection.type": "keyword",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"observer.version_major": "byte",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"profile.alloc_objects.count": "long",
"profile.alloc_space.bytes": "long",
"profile.cpu.ns": "long",
"profile.duration": "long",
"profile.id": "keyword",
"profile.inuse_objects.count": "long",
"profile.inuse_space.bytes": "long",
"profile.samples.count": "long",
"profile.stack.filename": "keyword",
"profile.stack.function": "keyword",
"profile.stack.id": "keyword",
"profile.stack.line": "long",
"profile.top.filename": "keyword",
"profile.top.function": "keyword",
"profile.top.id": "keyword",
"profile.top.line": "long",
"profile.wall.us": "long",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.port": "long",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"rum_traces": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"child.id": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.outcome": "keyword",
"faas.coldstart": "boolean",
"faas.execution": "keyword",
"faas.id": "keyword",
"faas.trigger.request_id": "keyword",
"faas.trigger.type": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"http.request.headers": "object",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.finished": "boolean",
"http.response.headers": "object",
"http.response.status_code": "long",
"http.version": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"network.carrier.icc": "keyword",
"network.carrier.mcc": "keyword",
"network.carrier.mnc": "keyword",
"network.carrier.name": "keyword",
"network.connection.subtype": "keyword",
"network.connection.type": "keyword",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"observer.version_major": "byte",
"parent.id": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.origin.id": "keyword",
"service.origin.name": "keyword",
"service.origin.version": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"session.id": "keyword",
"session.sequence": "long",
"source.domain": "keyword",
"source.ip": "ip",
"source.port": "long",
"span.action": "keyword",
"span.composite.compression_strategy": "keyword",
"span.composite.count": "long",
"span.composite.sum.us": "long",
"span.db.link": "keyword",
"span.db.rows_affected": "long",
"span.destination.service.name": "keyword",
"span.destination.service.resource": "keyword",
"span.destination.service.type": "keyword",
"span.duration.us": "long",
"span.id": "keyword",
"span.kind": "keyword",
"span.message.age.ms": "long",
"span.message.queue.name": "keyword",
"span.name": "keyword",
"span.subtype": "keyword",
"span.sync": "boolean",
"span.type": "keyword",
"timestamp.us": "long",
"trace.id": "keyword",
"transaction.duration.us": "long",
"transaction.experience.cls": "scaled_float",
"transaction.experience.fid": "scaled_float",
"transaction.experience.longtask.count": "long",
"transaction.experience.longtask.max": "scaled_float",
"transaction.experience.longtask.sum": "scaled_float",
"transaction.experience.tbt": "scaled_float",
"transaction.id": "keyword",
"transaction.marks": "object",
"transaction.message.age.ms": "long",
"transaction.message.queue.name": "keyword",
"transaction.name": "keyword",
"transaction.result": "keyword",
"transaction.sampled": "boolean",
"transaction.span_count.dropped": "long",
"transaction.type": "keyword",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"sampled_traces": {
"@timestamp": "date",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"event.ingested": "date",
"observer.id": "keyword",
"trace.id": "keyword"
},
"traces": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"child.id": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.outcome": "keyword",
"faas.coldstart": "boolean",
"faas.execution": "keyword",
"faas.id": "keyword",
"faas.trigger.request_id": "keyword",
"faas.trigger.type": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"http.request.headers": "object",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.finished": "boolean",
"http.response.headers": "object",
"http.response.status_code": "long",
"http.version": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"network.carrier.icc": "keyword",
"network.carrier.mcc": "keyword",
"network.carrier.mnc": "keyword",
"network.carrier.name": "keyword",
"network.connection.subtype": "keyword",
"network.connection.type": "keyword",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"observer.version_major": "byte",
"parent.id": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.origin.id": "keyword",
"service.origin.name": "keyword",
"service.origin.version": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"session.id": "keyword",
"session.sequence": "long",
"source.domain": "keyword",
"source.ip": "ip",
"source.port": "long",
"span.action": "keyword",
"span.composite.compression_strategy": "keyword",
"span.composite.count": "long",
"span.composite.sum.us": "long",
"span.db.link": "keyword",
"span.db.rows_affected": "long",
"span.destination.service.name": "keyword",
"span.destination.service.resource": "keyword",
"span.destination.service.type": "keyword",
"span.duration.us": "long",
"span.id": "keyword",
"span.kind": "keyword",
"span.message.age.ms": "long",
"span.message.queue.name": "keyword",
"span.name": "keyword",
"span.subtype": "keyword",
"span.sync": "boolean",
"span.type": "keyword",
"timestamp.us": "long",
"trace.id": "keyword",
"transaction.duration.us": "long",
"transaction.experience.cls": "scaled_float",
"transaction.experience.fid": "scaled_float",
"transaction.experience.longtask.count": "long",
"transaction.experience.longtask.max": "scaled_float",
"transaction.experience.longtask.sum": "scaled_float",
"transaction.experience.tbt": "scaled_float",
"transaction.id": "keyword",
"transaction.marks": "object",
"transaction.message.age.ms": "long",
"transaction.message.queue.name": "keyword",
"transaction.name": "keyword",
"transaction.result": "keyword",
"transaction.sampled": "boolean",
"transaction.span_count.dropped": "long",
"transaction.type": "keyword",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
}
},
"8.1.2": {
"app_logs": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.action": "keyword",
"event.outcome": "keyword",
"event.severity": "long",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"http.request.headers": "object",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.finished": "boolean",
"http.response.headers": "object",
"http.response.status_code": "long",
"http.version": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"log.level": "keyword",
"message": "match_only_text",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"observer.version_major": "byte",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.port": "long",
"span.id": "keyword",
"trace.id": "keyword",
"transaction.id": "keyword",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.original": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"app_metrics": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.outcome": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"metricset.name": "keyword",
"network.connection.type": "keyword",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"observer.version_major": "byte",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.port": "long",
"system.cpu.total.norm.pct": "scaled_float",
"system.memory.actual.free": "long",
"system.memory.total": "long",
"system.process.cgroup.cpu.cfs.period.us": "long",
"system.process.cgroup.cpu.cfs.quota.us": "long",
"system.process.cgroup.cpu.id": "keyword",
"system.process.cgroup.cpu.stats.periods": "long",
"system.process.cgroup.cpu.stats.throttled.ns": "long",
"system.process.cgroup.cpu.stats.throttled.periods": "long",
"system.process.cgroup.cpuacct.id": "keyword",
"system.process.cgroup.cpuacct.total.ns": "long",
"system.process.cgroup.memory.mem.limit.bytes": "long",
"system.process.cgroup.memory.mem.usage.bytes": "long",
"system.process.cpu.total.norm.pct": "scaled_float",
"system.process.memory.rss.bytes": "long",
"system.process.memory.size": "long",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"error_logs": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"error.culprit": "keyword",
"error.exception.code": "keyword",
"error.exception.handled": "boolean",
"error.exception.message": "text",
"error.exception.module": "keyword",
"error.exception.type": "keyword",
"error.grouping_key": "keyword",
"error.grouping_name": "keyword",
"error.id": "keyword",
"error.log.level": "keyword",
"error.log.logger_name": "keyword",
"error.log.message": "text",
"error.log.param_message": "keyword",
"event.outcome": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"http.request.headers": "object",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.finished": "boolean",
"http.response.headers": "object",
"http.response.status_code": "long",
"http.version": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"message": "match_only_text",
"network.carrier.icc": "keyword",
"network.carrier.mcc": "keyword",
"network.carrier.mnc": "keyword",
"network.carrier.name": "keyword",
"network.connection.subtype": "keyword",
"network.connection.type": "keyword",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"observer.version_major": "byte",
"parent.id": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.port": "long",
"span.id": "keyword",
"timestamp.us": "long",
"trace.id": "keyword",
"transaction.id": "keyword",
"transaction.name": "keyword",
"transaction.sampled": "boolean",
"transaction.type": "keyword",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.original": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"internal_metrics": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"agent_config_applied": "long",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.outcome": "keyword",
"faas.coldstart": "boolean",
"faas.id": "keyword",
"faas.trigger.type": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"metricset.name": "keyword",
"network.connection.type": "keyword",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"observer.version_major": "byte",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.port": "long",
"span.destination.service.resource": "keyword",
"span.destination.service.response_time.count": "long",
"span.destination.service.response_time.sum.us": "long",
"span.self_time.count": "long",
"span.self_time.sum.us": "long",
"span.subtype": "keyword",
"span.type": "keyword",
"timeseries.instance": "keyword",
"transaction.duration.histogram": "histogram",
"transaction.name": "keyword",
"transaction.result": "keyword",
"transaction.root": "boolean",
"transaction.sampled": "boolean",
"transaction.self_time.count": "long",
"transaction.self_time.sum.us": "long",
"transaction.type": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"profile_metrics": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"network.connection.type": "keyword",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"observer.version_major": "byte",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"profile.alloc_objects.count": "long",
"profile.alloc_space.bytes": "long",
"profile.cpu.ns": "long",
"profile.duration": "long",
"profile.id": "keyword",
"profile.inuse_objects.count": "long",
"profile.inuse_space.bytes": "long",
"profile.samples.count": "long",
"profile.stack.filename": "keyword",
"profile.stack.function": "keyword",
"profile.stack.id": "keyword",
"profile.stack.line": "long",
"profile.top.filename": "keyword",
"profile.top.function": "keyword",
"profile.top.id": "keyword",
"profile.top.line": "long",
"profile.wall.us": "long",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.port": "long",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"rum_traces": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"child.id": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.outcome": "keyword",
"faas.coldstart": "boolean",
"faas.execution": "keyword",
"faas.id": "keyword",
"faas.trigger.request_id": "keyword",
"faas.trigger.type": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"http.request.headers": "object",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.finished": "boolean",
"http.response.headers": "object",
"http.response.status_code": "long",
"http.version": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"network.carrier.icc": "keyword",
"network.carrier.mcc": "keyword",
"network.carrier.mnc": "keyword",
"network.carrier.name": "keyword",
"network.connection.subtype": "keyword",
"network.connection.type": "keyword",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"observer.version_major": "byte",
"parent.id": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.origin.id": "keyword",
"service.origin.name": "keyword",
"service.origin.version": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"session.id": "keyword",
"session.sequence": "long",
"source.domain": "keyword",
"source.ip": "ip",
"source.port": "long",
"span.action": "keyword",
"span.composite.compression_strategy": "keyword",
"span.composite.count": "long",
"span.composite.sum.us": "long",
"span.db.link": "keyword",
"span.db.rows_affected": "long",
"span.destination.service.name": "keyword",
"span.destination.service.resource": "keyword",
"span.destination.service.type": "keyword",
"span.duration.us": "long",
"span.id": "keyword",
"span.kind": "keyword",
"span.message.age.ms": "long",
"span.message.queue.name": "keyword",
"span.name": "keyword",
"span.subtype": "keyword",
"span.sync": "boolean",
"span.type": "keyword",
"timestamp.us": "long",
"trace.id": "keyword",
"transaction.duration.us": "long",
"transaction.experience.cls": "scaled_float",
"transaction.experience.fid": "scaled_float",
"transaction.experience.longtask.count": "long",
"transaction.experience.longtask.max": "scaled_float",
"transaction.experience.longtask.sum": "scaled_float",
"transaction.experience.tbt": "scaled_float",
"transaction.id": "keyword",
"transaction.marks": "object",
"transaction.message.age.ms": "long",
"transaction.message.queue.name": "keyword",
"transaction.name": "keyword",
"transaction.result": "keyword",
"transaction.sampled": "boolean",
"transaction.span_count.dropped": "long",
"transaction.type": "keyword",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.original": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"sampled_traces": {
"@timestamp": "date",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"event.ingested": "date",
"observer.id": "keyword",
"trace.id": "keyword"
},
"traces": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"child.id": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.outcome": "keyword",
"faas.coldstart": "boolean",
"faas.execution": "keyword",
"faas.id": "keyword",
"faas.trigger.request_id": "keyword",
"faas.trigger.type": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"http.request.headers": "object",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.finished": "boolean",
"http.response.headers": "object",
"http.response.status_code": "long",
"http.version": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"network.carrier.icc": "keyword",
"network.carrier.mcc": "keyword",
"network.carrier.mnc": "keyword",
"network.carrier.name": "keyword",
"network.connection.subtype": "keyword",
"network.connection.type": "keyword",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"observer.version_major": "byte",
"parent.id": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.origin.id": "keyword",
"service.origin.name": "keyword",
"service.origin.version": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"session.id": "keyword",
"session.sequence": "long",
"source.domain": "keyword",
"source.ip": "ip",
"source.port": "long",
"span.action": "keyword",
"span.composite.compression_strategy": "keyword",
"span.composite.count": "long",
"span.composite.sum.us": "long",
"span.db.link": "keyword",
"span.db.rows_affected": "long",
"span.destination.service.name": "keyword",
"span.destination.service.resource": "keyword",
"span.destination.service.type": "keyword",
"span.duration.us": "long",
"span.id": "keyword",
"span.kind": "keyword",
"span.message.age.ms": "long",
"span.message.queue.name": "keyword",
"span.name": "keyword",
"span.subtype": "keyword",
"span.sync": "boolean",
"span.type": "keyword",
"timestamp.us": "long",
"trace.id": "keyword",
"transaction.duration.us": "long",
"transaction.experience.cls": "scaled_float",
"transaction.experience.fid": "scaled_float",
"transaction.experience.longtask.count": "long",
"transaction.experience.longtask.max": "scaled_float",
"transaction.experience.longtask.sum": "scaled_float",
"transaction.experience.tbt": "scaled_float",
"transaction.id": "keyword",
"transaction.marks": "object",
"transaction.message.age.ms": "long",
"transaction.message.queue.name": "keyword",
"transaction.name": "keyword",
"transaction.result": "keyword",
"transaction.sampled": "boolean",
"transaction.span_count.dropped": "long",
"transaction.type": "keyword",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.original": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
}
},
"8.2.0": {
"app_logs": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.action": "keyword",
"event.outcome": "keyword",
"event.severity": "long",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"http.request.headers": "object",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.finished": "boolean",
"http.response.headers": "object",
"http.response.status_code": "long",
"http.version": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"log.level": "keyword",
"message": "match_only_text",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.nat.ip": "ip",
"source.nat.port": "long",
"source.port": "long",
"span.id": "keyword",
"trace.id": "keyword",
"transaction.id": "keyword",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.original": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"app_metrics": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.outcome": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"metricset.name": "keyword",
"network.connection.type": "keyword",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.nat.ip": "ip",
"source.nat.port": "long",
"source.port": "long",
"system.cpu.total.norm.pct": "scaled_float",
"system.memory.actual.free": "long",
"system.memory.total": "long",
"system.process.cgroup.cpu.cfs.period.us": "long",
"system.process.cgroup.cpu.cfs.quota.us": "long",
"system.process.cgroup.cpu.id": "keyword",
"system.process.cgroup.cpu.stats.periods": "long",
"system.process.cgroup.cpu.stats.throttled.ns": "long",
"system.process.cgroup.cpu.stats.throttled.periods": "long",
"system.process.cgroup.cpuacct.id": "keyword",
"system.process.cgroup.cpuacct.total.ns": "long",
"system.process.cgroup.memory.mem.limit.bytes": "long",
"system.process.cgroup.memory.mem.usage.bytes": "long",
"system.process.cpu.total.norm.pct": "scaled_float",
"system.process.memory.rss.bytes": "long",
"system.process.memory.size": "long",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"error_logs": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"error.culprit": "keyword",
"error.exception.code": "keyword",
"error.exception.handled": "boolean",
"error.exception.message": "text",
"error.exception.module": "keyword",
"error.exception.type": "keyword",
"error.grouping_key": "keyword",
"error.grouping_name": "keyword",
"error.id": "keyword",
"error.log.level": "keyword",
"error.log.logger_name": "keyword",
"error.log.message": "text",
"error.log.param_message": "keyword",
"event.outcome": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"http.request.headers": "object",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.finished": "boolean",
"http.response.headers": "object",
"http.response.status_code": "long",
"http.version": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"message": "match_only_text",
"network.carrier.icc": "keyword",
"network.carrier.mcc": "keyword",
"network.carrier.mnc": "keyword",
"network.carrier.name": "keyword",
"network.connection.subtype": "keyword",
"network.connection.type": "keyword",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"parent.id": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.nat.ip": "ip",
"source.nat.port": "long",
"source.port": "long",
"span.id": "keyword",
"timestamp.us": "long",
"trace.id": "keyword",
"transaction.id": "keyword",
"transaction.name": "keyword",
"transaction.sampled": "boolean",
"transaction.type": "keyword",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.original": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"internal_metrics": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"agent_config_applied": "long",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.outcome": "keyword",
"faas.coldstart": "boolean",
"faas.id": "keyword",
"faas.name": "keyword",
"faas.trigger.type": "keyword",
"faas.version": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"metricset.name": "keyword",
"network.connection.type": "keyword",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.nat.ip": "ip",
"source.nat.port": "long",
"source.port": "long",
"span.destination.service.resource": "keyword",
"span.destination.service.response_time.count": "long",
"span.destination.service.response_time.sum.us": "long",
"span.self_time.count": "long",
"span.self_time.sum.us": "long",
"span.subtype": "keyword",
"span.type": "keyword",
"timeseries.instance": "keyword",
"transaction.duration.histogram": "histogram",
"transaction.name": "keyword",
"transaction.result": "keyword",
"transaction.root": "boolean",
"transaction.sampled": "boolean",
"transaction.self_time.count": "long",
"transaction.self_time.sum.us": "long",
"transaction.type": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"profile_metrics": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"network.connection.type": "keyword",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"profile.alloc_objects.count": "long",
"profile.alloc_space.bytes": "long",
"profile.cpu.ns": "long",
"profile.duration": "long",
"profile.id": "keyword",
"profile.inuse_objects.count": "long",
"profile.inuse_space.bytes": "long",
"profile.samples.count": "long",
"profile.stack.filename": "keyword",
"profile.stack.function": "keyword",
"profile.stack.id": "keyword",
"profile.stack.line": "long",
"profile.top.filename": "keyword",
"profile.top.function": "keyword",
"profile.top.id": "keyword",
"profile.top.line": "long",
"profile.wall.us": "long",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.nat.ip": "ip",
"source.nat.port": "long",
"source.port": "long",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"rum_traces": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"child.id": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.outcome": "keyword",
"faas.coldstart": "boolean",
"faas.execution": "keyword",
"faas.id": "keyword",
"faas.name": "keyword",
"faas.trigger.request_id": "keyword",
"faas.trigger.type": "keyword",
"faas.version": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"http.request.headers": "object",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.finished": "boolean",
"http.response.headers": "object",
"http.response.status_code": "long",
"http.version": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"network.carrier.icc": "keyword",
"network.carrier.mcc": "keyword",
"network.carrier.mnc": "keyword",
"network.carrier.name": "keyword",
"network.connection.subtype": "keyword",
"network.connection.type": "keyword",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"parent.id": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.origin.id": "keyword",
"service.origin.name": "keyword",
"service.origin.version": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"session.id": "keyword",
"session.sequence": "long",
"source.domain": "keyword",
"source.ip": "ip",
"source.nat.ip": "ip",
"source.nat.port": "long",
"source.port": "long",
"span.action": "keyword",
"span.composite.compression_strategy": "keyword",
"span.composite.count": "long",
"span.composite.sum.us": "long",
"span.db.link": "keyword",
"span.db.rows_affected": "long",
"span.destination.service.name": "keyword",
"span.destination.service.resource": "keyword",
"span.destination.service.type": "keyword",
"span.duration.us": "long",
"span.id": "keyword",
"span.kind": "keyword",
"span.links.span.id": "keyword",
"span.links.trace.id": "keyword",
"span.message.age.ms": "long",
"span.message.queue.name": "keyword",
"span.name": "keyword",
"span.subtype": "keyword",
"span.sync": "boolean",
"span.type": "keyword",
"timestamp.us": "long",
"trace.id": "keyword",
"transaction.duration.us": "long",
"transaction.experience.cls": "scaled_float",
"transaction.experience.fid": "scaled_float",
"transaction.experience.longtask.count": "long",
"transaction.experience.longtask.max": "scaled_float",
"transaction.experience.longtask.sum": "scaled_float",
"transaction.experience.tbt": "scaled_float",
"transaction.id": "keyword",
"transaction.marks": "object",
"transaction.message.age.ms": "long",
"transaction.message.queue.name": "keyword",
"transaction.name": "keyword",
"transaction.result": "keyword",
"transaction.sampled": "boolean",
"transaction.span_count.dropped": "long",
"transaction.type": "keyword",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.original": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"sampled_traces": {
"@timestamp": "date",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"event.ingested": "date",
"observer.id": "keyword",
"trace.id": "keyword"
},
"traces": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"child.id": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.outcome": "keyword",
"faas.coldstart": "boolean",
"faas.execution": "keyword",
"faas.id": "keyword",
"faas.name": "keyword",
"faas.trigger.request_id": "keyword",
"faas.trigger.type": "keyword",
"faas.version": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"http.request.headers": "object",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.finished": "boolean",
"http.response.headers": "object",
"http.response.status_code": "long",
"http.version": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"network.carrier.icc": "keyword",
"network.carrier.mcc": "keyword",
"network.carrier.mnc": "keyword",
"network.carrier.name": "keyword",
"network.connection.subtype": "keyword",
"network.connection.type": "keyword",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"parent.id": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.origin.id": "keyword",
"service.origin.name": "keyword",
"service.origin.version": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"session.id": "keyword",
"session.sequence": "long",
"source.domain": "keyword",
"source.ip": "ip",
"source.nat.ip": "ip",
"source.nat.port": "long",
"source.port": "long",
"span.action": "keyword",
"span.composite.compression_strategy": "keyword",
"span.composite.count": "long",
"span.composite.sum.us": "long",
"span.db.link": "keyword",
"span.db.rows_affected": "long",
"span.destination.service.name": "keyword",
"span.destination.service.resource": "keyword",
"span.destination.service.type": "keyword",
"span.duration.us": "long",
"span.id": "keyword",
"span.kind": "keyword",
"span.links.span.id": "keyword",
"span.links.trace.id": "keyword",
"span.message.age.ms": "long",
"span.message.queue.name": "keyword",
"span.name": "keyword",
"span.subtype": "keyword",
"span.sync": "boolean",
"span.type": "keyword",
"timestamp.us": "long",
"trace.id": "keyword",
"transaction.duration.us": "long",
"transaction.experience.cls": "scaled_float",
"transaction.experience.fid": "scaled_float",
"transaction.experience.longtask.count": "long",
"transaction.experience.longtask.max": "scaled_float",
"transaction.experience.longtask.sum": "scaled_float",
"transaction.experience.tbt": "scaled_float",
"transaction.id": "keyword",
"transaction.marks": "object",
"transaction.message.age.ms": "long",
"transaction.message.queue.name": "keyword",
"transaction.name": "keyword",
"transaction.result": "keyword",
"transaction.sampled": "boolean",
"transaction.span_count.dropped": "long",
"transaction.type": "keyword",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.original": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
}
},
"8.3.0": {
"app_logs": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.action": "keyword",
"event.outcome": "keyword",
"event.severity": "long",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"http.request.headers": "object",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.finished": "boolean",
"http.response.headers": "object",
"http.response.status_code": "long",
"http.version": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"log.level": "keyword",
"message": "match_only_text",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.nat.ip": "ip",
"source.nat.port": "long",
"source.port": "long",
"span.id": "keyword",
"trace.id": "keyword",
"transaction.id": "keyword",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.original": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"app_metrics": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.outcome": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"metricset.name": "keyword",
"network.connection.type": "keyword",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.nat.ip": "ip",
"source.nat.port": "long",
"source.port": "long",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"error_logs": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"error.culprit": "keyword",
"error.exception.code": "keyword",
"error.exception.handled": "boolean",
"error.exception.message": "text",
"error.exception.module": "keyword",
"error.exception.type": "keyword",
"error.grouping_key": "keyword",
"error.grouping_name": "keyword",
"error.id": "keyword",
"error.log.level": "keyword",
"error.log.logger_name": "keyword",
"error.log.message": "text",
"error.log.param_message": "keyword",
"error.stack_trace": "wildcard",
"event.outcome": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"http.request.headers": "object",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.finished": "boolean",
"http.response.headers": "object",
"http.response.status_code": "long",
"http.version": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"message": "match_only_text",
"network.carrier.icc": "keyword",
"network.carrier.mcc": "keyword",
"network.carrier.mnc": "keyword",
"network.carrier.name": "keyword",
"network.connection.subtype": "keyword",
"network.connection.type": "keyword",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"parent.id": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.nat.ip": "ip",
"source.nat.port": "long",
"source.port": "long",
"span.id": "keyword",
"timestamp.us": "long",
"trace.id": "keyword",
"transaction.id": "keyword",
"transaction.name": "keyword",
"transaction.sampled": "boolean",
"transaction.type": "keyword",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.original": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"internal_metrics": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"agent_config_applied": "long",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"clr.gc.count": "long",
"clr.gc.gen0size": "long",
"clr.gc.gen1size": "long",
"clr.gc.gen2size": "long",
"clr.gc.gen3size": "long",
"clr.gc.time": "long",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.outcome": "keyword",
"faas.coldstart": "boolean",
"faas.id": "keyword",
"faas.name": "keyword",
"faas.trigger.type": "keyword",
"faas.version": "keyword",
"golang.goroutines": "long",
"golang.heap.allocations.active": "long",
"golang.heap.allocations.allocated": "long",
"golang.heap.allocations.frees": "long",
"golang.heap.allocations.idle": "long",
"golang.heap.allocations.mallocs": "long",
"golang.heap.allocations.objects": "long",
"golang.heap.allocations.total": "long",
"golang.heap.gc.cpu_fraction": "scaled_float",
"golang.heap.gc.next_gc_limit": "long",
"golang.heap.gc.total_count": "long",
"golang.heap.gc.total_pause.ns": "long",
"golang.heap.system.obtained": "long",
"golang.heap.system.released": "long",
"golang.heap.system.stack": "long",
"golang.heap.system.total": "long",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"jvm.gc.alloc": "long",
"jvm.gc.count": "long",
"jvm.gc.time": "long",
"jvm.memory.heap.committed": "long",
"jvm.memory.heap.max": "long",
"jvm.memory.heap.pool.committed": "long",
"jvm.memory.heap.pool.max": "long",
"jvm.memory.heap.pool.used": "long",
"jvm.memory.heap.used": "long",
"jvm.memory.non_heap.committed": "long",
"jvm.memory.non_heap.max": "long",
"jvm.memory.non_heap.used": "long",
"jvm.thread.count": "long",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"metricset.name": "keyword",
"network.connection.type": "keyword",
"nodejs.eventloop.delay.avg.ms": "scaled_float",
"nodejs.handles.active": "long",
"nodejs.memory.arrayBuffers.bytes": "long",
"nodejs.memory.external.bytes": "long",
"nodejs.memory.heap.allocated.bytes": "long",
"nodejs.memory.heap.used.bytes": "long",
"nodejs.requests.active": "long",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"ruby.gc.count": "long",
"ruby.gc.time": "scaled_float",
"ruby.heap.allocations.total": "long",
"ruby.heap.slots.free": "long",
"ruby.heap.slots.live": "long",
"ruby.threads": "long",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.target.name": "keyword",
"service.target.type": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.nat.ip": "ip",
"source.nat.port": "long",
"source.port": "long",
"span.destination.service.resource": "keyword",
"span.destination.service.response_time.count": "long",
"span.destination.service.response_time.sum.us": "long",
"span.self_time.count": "long",
"span.self_time.sum.us": "long",
"span.subtype": "keyword",
"span.type": "keyword",
"system.cpu.total.norm.pct": "scaled_float",
"system.memory.actual.free": "long",
"system.memory.total": "long",
"system.process.cgroup.cpu.cfs.period.us": "long",
"system.process.cgroup.cpu.cfs.quota.us": "long",
"system.process.cgroup.cpu.stats.periods": "long",
"system.process.cgroup.cpu.stats.throttled.ns": "long",
"system.process.cgroup.cpu.stats.throttled.periods": "long",
"system.process.cgroup.cpuacct.total.ns": "long",
"system.process.cgroup.memory.mem.limit.bytes": "long",
"system.process.cgroup.memory.mem.usage.bytes": "long",
"system.process.cgroup.memory.stats.inactive_file.bytes": "long",
"system.process.cpu.system.norm.pct": "scaled_float",
"system.process.cpu.total.norm.pct": "scaled_float",
"system.process.cpu.user.norm.pct": "scaled_float",
"system.process.memory.rss.bytes": "long",
"system.process.memory.size": "long",
"tags": "keyword",
"timeseries.instance": "keyword",
"transaction.duration.histogram": "histogram",
"transaction.name": "keyword",
"transaction.result": "keyword",
"transaction.root": "boolean",
"transaction.sampled": "boolean",
"transaction.self_time.count": "long",
"transaction.self_time.sum.us": "long",
"transaction.type": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"profile_metrics": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"network.connection.type": "keyword",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"profile.alloc_objects.count": "long",
"profile.alloc_space.bytes": "long",
"profile.cpu.ns": "long",
"profile.duration": "long",
"profile.id": "keyword",
"profile.inuse_objects.count": "long",
"profile.inuse_space.bytes": "long",
"profile.samples.count": "long",
"profile.stack.filename": "keyword",
"profile.stack.function": "keyword",
"profile.stack.id": "keyword",
"profile.stack.line": "long",
"profile.top.filename": "keyword",
"profile.top.function": "keyword",
"profile.top.id": "keyword",
"profile.top.line": "long",
"profile.wall.us": "long",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.nat.ip": "ip",
"source.nat.port": "long",
"source.port": "long",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"rum_traces": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"child.id": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.outcome": "keyword",
"faas.coldstart": "boolean",
"faas.execution": "keyword",
"faas.id": "keyword",
"faas.name": "keyword",
"faas.trigger.request_id": "keyword",
"faas.trigger.type": "keyword",
"faas.version": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"http.request.headers": "object",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.finished": "boolean",
"http.response.headers": "object",
"http.response.status_code": "long",
"http.version": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"network.carrier.icc": "keyword",
"network.carrier.mcc": "keyword",
"network.carrier.mnc": "keyword",
"network.carrier.name": "keyword",
"network.connection.subtype": "keyword",
"network.connection.type": "keyword",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"parent.id": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.origin.id": "keyword",
"service.origin.name": "keyword",
"service.origin.version": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.target.name": "keyword",
"service.target.type": "keyword",
"service.version": "keyword",
"session.id": "keyword",
"session.sequence": "long",
"source.domain": "keyword",
"source.ip": "ip",
"source.nat.ip": "ip",
"source.nat.port": "long",
"source.port": "long",
"span.action": "keyword",
"span.composite.compression_strategy": "keyword",
"span.composite.count": "long",
"span.composite.sum.us": "long",
"span.db.link": "keyword",
"span.db.rows_affected": "long",
"span.destination.service.name": "keyword",
"span.destination.service.resource": "keyword",
"span.destination.service.type": "keyword",
"span.duration.us": "long",
"span.id": "keyword",
"span.kind": "keyword",
"span.links.span.id": "keyword",
"span.links.trace.id": "keyword",
"span.message.age.ms": "long",
"span.message.queue.name": "keyword",
"span.name": "keyword",
"span.subtype": "keyword",
"span.sync": "boolean",
"span.type": "keyword",
"timestamp.us": "long",
"trace.id": "keyword",
"transaction.duration.us": "long",
"transaction.experience.cls": "scaled_float",
"transaction.experience.fid": "scaled_float",
"transaction.experience.longtask.count": "long",
"transaction.experience.longtask.max": "scaled_float",
"transaction.experience.longtask.sum": "scaled_float",
"transaction.experience.tbt": "scaled_float",
"transaction.id": "keyword",
"transaction.marks": "object",
"transaction.message.age.ms": "long",
"transaction.message.queue.name": "keyword",
"transaction.name": "keyword",
"transaction.result": "keyword",
"transaction.sampled": "boolean",
"transaction.span_count.dropped": "long",
"transaction.type": "keyword",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.original": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"sampled_traces": {
"@timestamp": "date",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"event.ingested": "date",
"observer.id": "keyword",
"trace.id": "keyword"
},
"traces": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"child.id": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.outcome": "keyword",
"faas.coldstart": "boolean",
"faas.execution": "keyword",
"faas.id": "keyword",
"faas.name": "keyword",
"faas.trigger.request_id": "keyword",
"faas.trigger.type": "keyword",
"faas.version": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"http.request.headers": "object",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.finished": "boolean",
"http.response.headers": "object",
"http.response.status_code": "long",
"http.version": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"network.carrier.icc": "keyword",
"network.carrier.mcc": "keyword",
"network.carrier.mnc": "keyword",
"network.carrier.name": "keyword",
"network.connection.subtype": "keyword",
"network.connection.type": "keyword",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"parent.id": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.origin.id": "keyword",
"service.origin.name": "keyword",
"service.origin.version": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.target.name": "keyword",
"service.target.type": "keyword",
"service.version": "keyword",
"session.id": "keyword",
"session.sequence": "long",
"source.domain": "keyword",
"source.ip": "ip",
"source.nat.ip": "ip",
"source.nat.port": "long",
"source.port": "long",
"span.action": "keyword",
"span.composite.compression_strategy": "keyword",
"span.composite.count": "long",
"span.composite.sum.us": "long",
"span.db.link": "keyword",
"span.db.rows_affected": "long",
"span.destination.service.name": "keyword",
"span.destination.service.resource": "keyword",
"span.destination.service.type": "keyword",
"span.duration.us": "long",
"span.id": "keyword",
"span.kind": "keyword",
"span.links.span.id": "keyword",
"span.links.trace.id": "keyword",
"span.message.age.ms": "long",
"span.message.queue.name": "keyword",
"span.name": "keyword",
"span.subtype": "keyword",
"span.sync": "boolean",
"span.type": "keyword",
"timestamp.us": "long",
"trace.id": "keyword",
"transaction.duration.us": "long",
"transaction.experience.cls": "scaled_float",
"transaction.experience.fid": "scaled_float",
"transaction.experience.longtask.count": "long",
"transaction.experience.longtask.max": "scaled_float",
"transaction.experience.longtask.sum": "scaled_float",
"transaction.experience.tbt": "scaled_float",
"transaction.id": "keyword",
"transaction.marks": "object",
"transaction.message.age.ms": "long",
"transaction.message.queue.name": "keyword",
"transaction.name": "keyword",
"transaction.result": "keyword",
"transaction.sampled": "boolean",
"transaction.span_count.dropped": "long",
"transaction.type": "keyword",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.original": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
}
},
"8.3.3": {
"app_logs": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.action": "keyword",
"event.outcome": "keyword",
"event.severity": "long",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"http.request.headers": "object",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.finished": "boolean",
"http.response.headers": "object",
"http.response.status_code": "long",
"http.version": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"log.level": "keyword",
"message": "match_only_text",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.nat.ip": "ip",
"source.nat.port": "long",
"source.port": "long",
"span.id": "keyword",
"trace.id": "keyword",
"transaction.id": "keyword",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.original": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"app_metrics": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.outcome": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"metricset.name": "keyword",
"network.connection.type": "keyword",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.nat.ip": "ip",
"source.nat.port": "long",
"source.port": "long",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"error_logs": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"error.culprit": "keyword",
"error.exception.code": "keyword",
"error.exception.handled": "boolean",
"error.exception.message": "text",
"error.exception.module": "keyword",
"error.exception.type": "keyword",
"error.grouping_key": "keyword",
"error.grouping_name": "keyword",
"error.id": "keyword",
"error.log.level": "keyword",
"error.log.logger_name": "keyword",
"error.log.message": "text",
"error.log.param_message": "keyword",
"error.stack_trace": "wildcard",
"event.outcome": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"http.request.headers": "object",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.finished": "boolean",
"http.response.headers": "object",
"http.response.status_code": "long",
"http.version": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"message": "match_only_text",
"network.carrier.icc": "keyword",
"network.carrier.mcc": "keyword",
"network.carrier.mnc": "keyword",
"network.carrier.name": "keyword",
"network.connection.subtype": "keyword",
"network.connection.type": "keyword",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"parent.id": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.nat.ip": "ip",
"source.nat.port": "long",
"source.port": "long",
"span.id": "keyword",
"timestamp.us": "long",
"trace.id": "keyword",
"transaction.id": "keyword",
"transaction.name": "keyword",
"transaction.sampled": "boolean",
"transaction.type": "keyword",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.original": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"internal_metrics": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"agent_config_applied": "long",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"clr.gc.count": "long",
"clr.gc.gen0size": "long",
"clr.gc.gen1size": "long",
"clr.gc.gen2size": "long",
"clr.gc.gen3size": "long",
"clr.gc.time": "long",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.outcome": "keyword",
"faas.coldstart": "boolean",
"faas.id": "keyword",
"faas.name": "keyword",
"faas.trigger.type": "keyword",
"faas.version": "keyword",
"golang.goroutines": "long",
"golang.heap.allocations.active": "long",
"golang.heap.allocations.allocated": "long",
"golang.heap.allocations.frees": "long",
"golang.heap.allocations.idle": "long",
"golang.heap.allocations.mallocs": "long",
"golang.heap.allocations.objects": "long",
"golang.heap.allocations.total": "long",
"golang.heap.gc.cpu_fraction": "scaled_float",
"golang.heap.gc.next_gc_limit": "long",
"golang.heap.gc.total_count": "long",
"golang.heap.gc.total_pause.ns": "long",
"golang.heap.system.obtained": "long",
"golang.heap.system.released": "long",
"golang.heap.system.stack": "long",
"golang.heap.system.total": "long",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"jvm.gc.alloc": "long",
"jvm.gc.count": "long",
"jvm.gc.time": "long",
"jvm.memory.heap.committed": "long",
"jvm.memory.heap.max": "long",
"jvm.memory.heap.pool.committed": "long",
"jvm.memory.heap.pool.max": "long",
"jvm.memory.heap.pool.used": "long",
"jvm.memory.heap.used": "long",
"jvm.memory.non_heap.committed": "long",
"jvm.memory.non_heap.max": "long",
"jvm.memory.non_heap.used": "long",
"jvm.thread.count": "long",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"metricset.name": "keyword",
"network.connection.type": "keyword",
"nodejs.eventloop.delay.avg.ms": "scaled_float",
"nodejs.handles.active": "long",
"nodejs.memory.arrayBuffers.bytes": "long",
"nodejs.memory.external.bytes": "long",
"nodejs.memory.heap.allocated.bytes": "long",
"nodejs.memory.heap.used.bytes": "long",
"nodejs.requests.active": "long",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"ruby.gc.count": "long",
"ruby.gc.time": "scaled_float",
"ruby.heap.allocations.total": "long",
"ruby.heap.slots.free": "long",
"ruby.heap.slots.live": "long",
"ruby.threads": "long",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.target.name": "keyword",
"service.target.type": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.nat.ip": "ip",
"source.nat.port": "long",
"source.port": "long",
"span.destination.service.resource": "keyword",
"span.destination.service.response_time.count": "long",
"span.destination.service.response_time.sum.us": "long",
"span.self_time.count": "long",
"span.self_time.sum.us": "long",
"span.subtype": "keyword",
"span.type": "keyword",
"system.cpu.total.norm.pct": "scaled_float",
"system.memory.actual.free": "long",
"system.memory.total": "long",
"system.process.cgroup.cpu.cfs.period.us": "long",
"system.process.cgroup.cpu.cfs.quota.us": "long",
"system.process.cgroup.cpu.stats.periods": "long",
"system.process.cgroup.cpu.stats.throttled.ns": "long",
"system.process.cgroup.cpu.stats.throttled.periods": "long",
"system.process.cgroup.cpuacct.total.ns": "long",
"system.process.cgroup.memory.mem.limit.bytes": "long",
"system.process.cgroup.memory.mem.usage.bytes": "long",
"system.process.cgroup.memory.stats.inactive_file.bytes": "long",
"system.process.cpu.system.norm.pct": "scaled_float",
"system.process.cpu.total.norm.pct": "scaled_float",
"system.process.cpu.user.norm.pct": "scaled_float",
"system.process.memory.rss.bytes": "long",
"system.process.memory.size": "long",
"tags": "keyword",
"timeseries.instance": "keyword",
"transaction.duration.histogram": "histogram",
"transaction.name": "keyword",
"transaction.result": "keyword",
"transaction.root": "boolean",
"transaction.sampled": "boolean",
"transaction.self_time.count": "long",
"transaction.self_time.sum.us": "long",
"transaction.type": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"profile_metrics": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"network.connection.type": "keyword",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"profile.alloc_objects.count": "long",
"profile.alloc_space.bytes": "long",
"profile.cpu.ns": "long",
"profile.duration": "long",
"profile.id": "keyword",
"profile.inuse_objects.count": "long",
"profile.inuse_space.bytes": "long",
"profile.samples.count": "long",
"profile.stack.filename": "keyword",
"profile.stack.function": "keyword",
"profile.stack.id": "keyword",
"profile.stack.line": "long",
"profile.top.filename": "keyword",
"profile.top.function": "keyword",
"profile.top.id": "keyword",
"profile.top.line": "long",
"profile.wall.us": "long",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.nat.ip": "ip",
"source.nat.port": "long",
"source.port": "long",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"rum_traces": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"child.id": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.outcome": "keyword",
"faas.coldstart": "boolean",
"faas.execution": "keyword",
"faas.id": "keyword",
"faas.name": "keyword",
"faas.trigger.request_id": "keyword",
"faas.trigger.type": "keyword",
"faas.version": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"http.request.headers": "object",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.finished": "boolean",
"http.response.headers": "object",
"http.response.status_code": "long",
"http.version": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"network.carrier.icc": "keyword",
"network.carrier.mcc": "keyword",
"network.carrier.mnc": "keyword",
"network.carrier.name": "keyword",
"network.connection.subtype": "keyword",
"network.connection.type": "keyword",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"parent.id": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.origin.id": "keyword",
"service.origin.name": "keyword",
"service.origin.version": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.target.name": "keyword",
"service.target.type": "keyword",
"service.version": "keyword",
"session.id": "keyword",
"session.sequence": "long",
"source.domain": "keyword",
"source.ip": "ip",
"source.nat.ip": "ip",
"source.nat.port": "long",
"source.port": "long",
"span.action": "keyword",
"span.composite.compression_strategy": "keyword",
"span.composite.count": "long",
"span.composite.sum.us": "long",
"span.db.link": "keyword",
"span.db.rows_affected": "long",
"span.destination.service.name": "keyword",
"span.destination.service.resource": "keyword",
"span.destination.service.type": "keyword",
"span.duration.us": "long",
"span.id": "keyword",
"span.kind": "keyword",
"span.links.span.id": "keyword",
"span.links.trace.id": "keyword",
"span.message.age.ms": "long",
"span.message.queue.name": "keyword",
"span.name": "keyword",
"span.subtype": "keyword",
"span.sync": "boolean",
"span.type": "keyword",
"timestamp.us": "long",
"trace.id": "keyword",
"transaction.duration.us": "long",
"transaction.experience.cls": "scaled_float",
"transaction.experience.fid": "scaled_float",
"transaction.experience.longtask.count": "long",
"transaction.experience.longtask.max": "scaled_float",
"transaction.experience.longtask.sum": "scaled_float",
"transaction.experience.tbt": "scaled_float",
"transaction.id": "keyword",
"transaction.marks": "object",
"transaction.message.age.ms": "long",
"transaction.message.queue.name": "keyword",
"transaction.name": "keyword",
"transaction.result": "keyword",
"transaction.sampled": "boolean",
"transaction.span_count.dropped": "long",
"transaction.type": "keyword",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.original": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"sampled_traces": {
"@timestamp": "date",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"event.ingested": "date",
"observer.id": "keyword",
"trace.id": "keyword"
},
"traces": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"child.id": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.outcome": "keyword",
"faas.coldstart": "boolean",
"faas.execution": "keyword",
"faas.id": "keyword",
"faas.name": "keyword",
"faas.trigger.request_id": "keyword",
"faas.trigger.type": "keyword",
"faas.version": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"http.request.headers": "object",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.finished": "boolean",
"http.response.headers": "object",
"http.response.status_code": "long",
"http.version": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"network.carrier.icc": "keyword",
"network.carrier.mcc": "keyword",
"network.carrier.mnc": "keyword",
"network.carrier.name": "keyword",
"network.connection.subtype": "keyword",
"network.connection.type": "keyword",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"parent.id": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.origin.id": "keyword",
"service.origin.name": "keyword",
"service.origin.version": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.target.name": "keyword",
"service.target.type": "keyword",
"service.version": "keyword",
"session.id": "keyword",
"session.sequence": "long",
"source.domain": "keyword",
"source.ip": "ip",
"source.nat.ip": "ip",
"source.nat.port": "long",
"source.port": "long",
"span.action": "keyword",
"span.composite.compression_strategy": "keyword",
"span.composite.count": "long",
"span.composite.sum.us": "long",
"span.db.link": "keyword",
"span.db.rows_affected": "long",
"span.destination.service.name": "keyword",
"span.destination.service.resource": "keyword",
"span.destination.service.type": "keyword",
"span.duration.us": "long",
"span.id": "keyword",
"span.kind": "keyword",
"span.links.span.id": "keyword",
"span.links.trace.id": "keyword",
"span.message.age.ms": "long",
"span.message.queue.name": "keyword",
"span.name": "keyword",
"span.subtype": "keyword",
"span.sync": "boolean",
"span.type": "keyword",
"timestamp.us": "long",
"trace.id": "keyword",
"transaction.duration.us": "long",
"transaction.experience.cls": "scaled_float",
"transaction.experience.fid": "scaled_float",
"transaction.experience.longtask.count": "long",
"transaction.experience.longtask.max": "scaled_float",
"transaction.experience.longtask.sum": "scaled_float",
"transaction.experience.tbt": "scaled_float",
"transaction.id": "keyword",
"transaction.marks": "object",
"transaction.message.age.ms": "long",
"transaction.message.queue.name": "keyword",
"transaction.name": "keyword",
"transaction.result": "keyword",
"transaction.sampled": "boolean",
"transaction.span_count.dropped": "long",
"transaction.type": "keyword",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.original": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
}
},
"8.4.0": {
"app_logs": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.action": "keyword",
"event.outcome": "keyword",
"event.severity": "long",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"http.request.headers": "object",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.finished": "boolean",
"http.response.headers": "object",
"http.response.status_code": "long",
"http.version": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"log.level": "keyword",
"message": "match_only_text",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.nat.ip": "ip",
"source.nat.port": "long",
"source.port": "long",
"span.id": "keyword",
"trace.id": "keyword",
"transaction.id": "keyword",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.original": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"app_metrics": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.outcome": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"metricset.name": "keyword",
"network.connection.type": "keyword",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.nat.ip": "ip",
"source.nat.port": "long",
"source.port": "long",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"error_logs": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"error.culprit": "keyword",
"error.exception.code": "keyword",
"error.exception.handled": "boolean",
"error.exception.message": "text",
"error.exception.module": "keyword",
"error.exception.type": "keyword",
"error.grouping_key": "keyword",
"error.grouping_name": "keyword",
"error.id": "keyword",
"error.log.level": "keyword",
"error.log.logger_name": "keyword",
"error.log.message": "text",
"error.log.param_message": "keyword",
"error.stack_trace": "wildcard",
"event.outcome": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"http.request.headers": "object",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.finished": "boolean",
"http.response.headers": "object",
"http.response.status_code": "long",
"http.version": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"message": "match_only_text",
"network.carrier.icc": "keyword",
"network.carrier.mcc": "keyword",
"network.carrier.mnc": "keyword",
"network.carrier.name": "keyword",
"network.connection.subtype": "keyword",
"network.connection.type": "keyword",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"parent.id": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.nat.ip": "ip",
"source.nat.port": "long",
"source.port": "long",
"span.id": "keyword",
"timestamp.us": "long",
"trace.id": "keyword",
"transaction.id": "keyword",
"transaction.name": "keyword",
"transaction.sampled": "boolean",
"transaction.type": "keyword",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.original": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"internal_metrics": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"agent_config_applied": "long",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"clr.gc.count": "long",
"clr.gc.gen0size": "long",
"clr.gc.gen1size": "long",
"clr.gc.gen2size": "long",
"clr.gc.gen3size": "long",
"clr.gc.time": "long",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.outcome": "keyword",
"faas.billed_duration": "long",
"faas.coldstart": "boolean",
"faas.coldstart_duration": "float",
"faas.duration": "float",
"faas.execution": "keyword",
"faas.id": "keyword",
"faas.name": "keyword",
"faas.timeout": "long",
"faas.trigger.request_id": "keyword",
"faas.trigger.type": "keyword",
"faas.version": "keyword",
"golang.goroutines": "long",
"golang.heap.allocations.active": "long",
"golang.heap.allocations.allocated": "long",
"golang.heap.allocations.frees": "long",
"golang.heap.allocations.idle": "long",
"golang.heap.allocations.mallocs": "long",
"golang.heap.allocations.objects": "long",
"golang.heap.allocations.total": "long",
"golang.heap.gc.cpu_fraction": "scaled_float",
"golang.heap.gc.next_gc_limit": "long",
"golang.heap.gc.total_count": "long",
"golang.heap.gc.total_pause.ns": "long",
"golang.heap.system.obtained": "long",
"golang.heap.system.released": "long",
"golang.heap.system.stack": "long",
"golang.heap.system.total": "long",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"jvm.gc.alloc": "long",
"jvm.gc.count": "long",
"jvm.gc.time": "long",
"jvm.memory.heap.committed": "long",
"jvm.memory.heap.max": "long",
"jvm.memory.heap.pool.committed": "long",
"jvm.memory.heap.pool.max": "long",
"jvm.memory.heap.pool.used": "long",
"jvm.memory.heap.used": "long",
"jvm.memory.non_heap.committed": "long",
"jvm.memory.non_heap.max": "long",
"jvm.memory.non_heap.used": "long",
"jvm.thread.count": "long",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"metricset.name": "keyword",
"network.connection.type": "keyword",
"nodejs.eventloop.delay.avg.ms": "scaled_float",
"nodejs.handles.active": "long",
"nodejs.memory.arrayBuffers.bytes": "long",
"nodejs.memory.external.bytes": "long",
"nodejs.memory.heap.allocated.bytes": "long",
"nodejs.memory.heap.used.bytes": "long",
"nodejs.requests.active": "long",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"ruby.gc.count": "long",
"ruby.gc.time": "scaled_float",
"ruby.heap.allocations.total": "long",
"ruby.heap.slots.free": "long",
"ruby.heap.slots.live": "long",
"ruby.threads": "long",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.target.name": "keyword",
"service.target.type": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.nat.ip": "ip",
"source.nat.port": "long",
"source.port": "long",
"span.destination.service.resource": "keyword",
"span.destination.service.response_time.count": "long",
"span.destination.service.response_time.sum.us": "long",
"span.name": "keyword",
"span.self_time.count": "long",
"span.self_time.sum.us": "long",
"span.subtype": "keyword",
"span.type": "keyword",
"system.cpu.total.norm.pct": "scaled_float",
"system.memory.actual.free": "long",
"system.memory.total": "long",
"system.process.cgroup.cpu.cfs.period.us": "long",
"system.process.cgroup.cpu.cfs.quota.us": "long",
"system.process.cgroup.cpu.stats.periods": "long",
"system.process.cgroup.cpu.stats.throttled.ns": "long",
"system.process.cgroup.cpu.stats.throttled.periods": "long",
"system.process.cgroup.cpuacct.total.ns": "long",
"system.process.cgroup.memory.mem.limit.bytes": "long",
"system.process.cgroup.memory.mem.usage.bytes": "long",
"system.process.cgroup.memory.stats.inactive_file.bytes": "long",
"system.process.cpu.system.norm.pct": "scaled_float",
"system.process.cpu.total.norm.pct": "scaled_float",
"system.process.cpu.user.norm.pct": "scaled_float",
"system.process.memory.rss.bytes": "long",
"system.process.memory.size": "long",
"tags": "keyword",
"timeseries.instance": "keyword",
"transaction.duration.histogram": "histogram",
"transaction.name": "keyword",
"transaction.result": "keyword",
"transaction.root": "boolean",
"transaction.sampled": "boolean",
"transaction.self_time.count": "long",
"transaction.self_time.sum.us": "long",
"transaction.type": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"profile_metrics": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"network.connection.type": "keyword",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"profile.alloc_objects.count": "long",
"profile.alloc_space.bytes": "long",
"profile.cpu.ns": "long",
"profile.duration": "long",
"profile.id": "keyword",
"profile.inuse_objects.count": "long",
"profile.inuse_space.bytes": "long",
"profile.samples.count": "long",
"profile.stack.filename": "keyword",
"profile.stack.function": "keyword",
"profile.stack.id": "keyword",
"profile.stack.line": "long",
"profile.top.filename": "keyword",
"profile.top.function": "keyword",
"profile.top.id": "keyword",
"profile.top.line": "long",
"profile.wall.us": "long",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.nat.ip": "ip",
"source.nat.port": "long",
"source.port": "long",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"rum_traces": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"child.id": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.outcome": "keyword",
"faas.coldstart": "boolean",
"faas.execution": "keyword",
"faas.id": "keyword",
"faas.name": "keyword",
"faas.trigger.request_id": "keyword",
"faas.trigger.type": "keyword",
"faas.version": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"http.request.headers": "object",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.finished": "boolean",
"http.response.headers": "object",
"http.response.status_code": "long",
"http.version": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"network.carrier.icc": "keyword",
"network.carrier.mcc": "keyword",
"network.carrier.mnc": "keyword",
"network.carrier.name": "keyword",
"network.connection.subtype": "keyword",
"network.connection.type": "keyword",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"parent.id": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.origin.id": "keyword",
"service.origin.name": "keyword",
"service.origin.version": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.target.name": "keyword",
"service.target.type": "keyword",
"service.version": "keyword",
"session.id": "keyword",
"session.sequence": "long",
"source.domain": "keyword",
"source.ip": "ip",
"source.nat.ip": "ip",
"source.nat.port": "long",
"source.port": "long",
"span.action": "keyword",
"span.composite.compression_strategy": "keyword",
"span.composite.count": "long",
"span.composite.sum.us": "long",
"span.db.link": "keyword",
"span.db.rows_affected": "long",
"span.destination.service.name": "keyword",
"span.destination.service.resource": "keyword",
"span.destination.service.type": "keyword",
"span.duration.us": "long",
"span.id": "keyword",
"span.kind": "keyword",
"span.links.span.id": "keyword",
"span.links.trace.id": "keyword",
"span.message.age.ms": "long",
"span.message.queue.name": "keyword",
"span.name": "keyword",
"span.subtype": "keyword",
"span.sync": "boolean",
"span.type": "keyword",
"timestamp.us": "long",
"trace.id": "keyword",
"transaction.duration.us": "long",
"transaction.experience.cls": "scaled_float",
"transaction.experience.fid": "scaled_float",
"transaction.experience.longtask.count": "long",
"transaction.experience.longtask.max": "scaled_float",
"transaction.experience.longtask.sum": "scaled_float",
"transaction.experience.tbt": "scaled_float",
"transaction.id": "keyword",
"transaction.marks": "object",
"transaction.message.age.ms": "long",
"transaction.message.queue.name": "keyword",
"transaction.name": "keyword",
"transaction.result": "keyword",
"transaction.sampled": "boolean",
"transaction.span_count.dropped": "long",
"transaction.type": "keyword",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.original": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"sampled_traces": {
"@timestamp": "date",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"event.ingested": "date",
"observer.id": "keyword",
"trace.id": "keyword"
},
"traces": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"child.id": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.outcome": "keyword",
"faas.coldstart": "boolean",
"faas.execution": "keyword",
"faas.id": "keyword",
"faas.name": "keyword",
"faas.trigger.request_id": "keyword",
"faas.trigger.type": "keyword",
"faas.version": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"http.request.headers": "object",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.finished": "boolean",
"http.response.headers": "object",
"http.response.status_code": "long",
"http.version": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"network.carrier.icc": "keyword",
"network.carrier.mcc": "keyword",
"network.carrier.mnc": "keyword",
"network.carrier.name": "keyword",
"network.connection.subtype": "keyword",
"network.connection.type": "keyword",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"parent.id": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.origin.id": "keyword",
"service.origin.name": "keyword",
"service.origin.version": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.target.name": "keyword",
"service.target.type": "keyword",
"service.version": "keyword",
"session.id": "keyword",
"session.sequence": "long",
"source.domain": "keyword",
"source.ip": "ip",
"source.nat.ip": "ip",
"source.nat.port": "long",
"source.port": "long",
"span.action": "keyword",
"span.composite.compression_strategy": "keyword",
"span.composite.count": "long",
"span.composite.sum.us": "long",
"span.db.link": "keyword",
"span.db.rows_affected": "long",
"span.destination.service.name": "keyword",
"span.destination.service.resource": "keyword",
"span.destination.service.type": "keyword",
"span.duration.us": "long",
"span.id": "keyword",
"span.kind": "keyword",
"span.links.span.id": "keyword",
"span.links.trace.id": "keyword",
"span.message.age.ms": "long",
"span.message.queue.name": "keyword",
"span.name": "keyword",
"span.subtype": "keyword",
"span.sync": "boolean",
"span.type": "keyword",
"timestamp.us": "long",
"trace.id": "keyword",
"transaction.duration.us": "long",
"transaction.experience.cls": "scaled_float",
"transaction.experience.fid": "scaled_float",
"transaction.experience.longtask.count": "long",
"transaction.experience.longtask.max": "scaled_float",
"transaction.experience.longtask.sum": "scaled_float",
"transaction.experience.tbt": "scaled_float",
"transaction.id": "keyword",
"transaction.marks": "object",
"transaction.message.age.ms": "long",
"transaction.message.queue.name": "keyword",
"transaction.name": "keyword",
"transaction.result": "keyword",
"transaction.sampled": "boolean",
"transaction.span_count.dropped": "long",
"transaction.type": "keyword",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.original": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
}
},
"8.4.2": {
"app_logs": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.action": "keyword",
"event.outcome": "keyword",
"event.severity": "long",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"http.request.headers": "object",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.finished": "boolean",
"http.response.headers": "object",
"http.response.status_code": "long",
"http.version": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"log.level": "keyword",
"message": "match_only_text",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.nat.ip": "ip",
"source.nat.port": "long",
"source.port": "long",
"span.id": "keyword",
"trace.id": "keyword",
"transaction.id": "keyword",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.original": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"app_metrics": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.outcome": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"metricset.name": "keyword",
"network.connection.type": "keyword",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.nat.ip": "ip",
"source.nat.port": "long",
"source.port": "long",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"error_logs": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"error.culprit": "keyword",
"error.exception.code": "keyword",
"error.exception.handled": "boolean",
"error.exception.message": "text",
"error.exception.module": "keyword",
"error.exception.type": "keyword",
"error.grouping_key": "keyword",
"error.grouping_name": "keyword",
"error.id": "keyword",
"error.log.level": "keyword",
"error.log.logger_name": "keyword",
"error.log.message": "text",
"error.log.param_message": "keyword",
"error.stack_trace": "wildcard",
"event.outcome": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"http.request.headers": "object",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.finished": "boolean",
"http.response.headers": "object",
"http.response.status_code": "long",
"http.version": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"message": "match_only_text",
"network.carrier.icc": "keyword",
"network.carrier.mcc": "keyword",
"network.carrier.mnc": "keyword",
"network.carrier.name": "keyword",
"network.connection.subtype": "keyword",
"network.connection.type": "keyword",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"parent.id": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.nat.ip": "ip",
"source.nat.port": "long",
"source.port": "long",
"span.id": "keyword",
"timestamp.us": "long",
"trace.id": "keyword",
"transaction.id": "keyword",
"transaction.name": "keyword",
"transaction.sampled": "boolean",
"transaction.type": "keyword",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.original": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"internal_metrics": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"agent_config_applied": "long",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"clr.gc.count": "long",
"clr.gc.gen0size": "long",
"clr.gc.gen1size": "long",
"clr.gc.gen2size": "long",
"clr.gc.gen3size": "long",
"clr.gc.time": "long",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.outcome": "keyword",
"faas.billed_duration": "long",
"faas.coldstart": "boolean",
"faas.coldstart_duration": "float",
"faas.duration": "float",
"faas.execution": "keyword",
"faas.id": "keyword",
"faas.name": "keyword",
"faas.timeout": "long",
"faas.trigger.request_id": "keyword",
"faas.trigger.type": "keyword",
"faas.version": "keyword",
"golang.goroutines": "long",
"golang.heap.allocations.active": "long",
"golang.heap.allocations.allocated": "long",
"golang.heap.allocations.frees": "long",
"golang.heap.allocations.idle": "long",
"golang.heap.allocations.mallocs": "long",
"golang.heap.allocations.objects": "long",
"golang.heap.allocations.total": "long",
"golang.heap.gc.cpu_fraction": "scaled_float",
"golang.heap.gc.next_gc_limit": "long",
"golang.heap.gc.total_count": "long",
"golang.heap.gc.total_pause.ns": "long",
"golang.heap.system.obtained": "long",
"golang.heap.system.released": "long",
"golang.heap.system.stack": "long",
"golang.heap.system.total": "long",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"jvm.gc.alloc": "long",
"jvm.gc.count": "long",
"jvm.gc.time": "long",
"jvm.memory.heap.committed": "long",
"jvm.memory.heap.max": "long",
"jvm.memory.heap.pool.committed": "long",
"jvm.memory.heap.pool.max": "long",
"jvm.memory.heap.pool.used": "long",
"jvm.memory.heap.used": "long",
"jvm.memory.non_heap.committed": "long",
"jvm.memory.non_heap.max": "long",
"jvm.memory.non_heap.used": "long",
"jvm.thread.count": "long",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"metricset.name": "keyword",
"network.connection.type": "keyword",
"nodejs.eventloop.delay.avg.ms": "scaled_float",
"nodejs.handles.active": "long",
"nodejs.memory.arrayBuffers.bytes": "long",
"nodejs.memory.external.bytes": "long",
"nodejs.memory.heap.allocated.bytes": "long",
"nodejs.memory.heap.used.bytes": "long",
"nodejs.requests.active": "long",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"ruby.gc.count": "long",
"ruby.gc.time": "scaled_float",
"ruby.heap.allocations.total": "long",
"ruby.heap.slots.free": "long",
"ruby.heap.slots.live": "long",
"ruby.threads": "long",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.target.name": "keyword",
"service.target.type": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.nat.ip": "ip",
"source.nat.port": "long",
"source.port": "long",
"span.destination.service.resource": "keyword",
"span.destination.service.response_time.count": "long",
"span.destination.service.response_time.sum.us": "long",
"span.name": "keyword",
"span.self_time.count": "long",
"span.self_time.sum.us": "long",
"span.subtype": "keyword",
"span.type": "keyword",
"system.cpu.total.norm.pct": "scaled_float",
"system.memory.actual.free": "long",
"system.memory.total": "long",
"system.process.cgroup.cpu.cfs.period.us": "long",
"system.process.cgroup.cpu.cfs.quota.us": "long",
"system.process.cgroup.cpu.stats.periods": "long",
"system.process.cgroup.cpu.stats.throttled.ns": "long",
"system.process.cgroup.cpu.stats.throttled.periods": "long",
"system.process.cgroup.cpuacct.total.ns": "long",
"system.process.cgroup.memory.mem.limit.bytes": "long",
"system.process.cgroup.memory.mem.usage.bytes": "long",
"system.process.cgroup.memory.stats.inactive_file.bytes": "long",
"system.process.cpu.system.norm.pct": "scaled_float",
"system.process.cpu.total.norm.pct": "scaled_float",
"system.process.cpu.user.norm.pct": "scaled_float",
"system.process.memory.rss.bytes": "long",
"system.process.memory.size": "long",
"tags": "keyword",
"timeseries.instance": "keyword",
"transaction.duration.histogram": "histogram",
"transaction.name": "keyword",
"transaction.result": "keyword",
"transaction.root": "boolean",
"transaction.sampled": "boolean",
"transaction.self_time.count": "long",
"transaction.self_time.sum.us": "long",
"transaction.type": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"profile_metrics": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"network.connection.type": "keyword",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "constant_keyword",
"processor.name": "constant_keyword",
"profile.alloc_objects.count": "long",
"profile.alloc_space.bytes": "long",
"profile.cpu.ns": "long",
"profile.duration": "long",
"profile.id": "keyword",
"profile.inuse_objects.count": "long",
"profile.inuse_space.bytes": "long",
"profile.samples.count": "long",
"profile.stack.filename": "keyword",
"profile.stack.function": "keyword",
"profile.stack.id": "keyword",
"profile.stack.line": "long",
"profile.top.filename": "keyword",
"profile.top.function": "keyword",
"profile.top.id": "keyword",
"profile.top.line": "long",
"profile.wall.us": "long",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.version": "keyword",
"source.domain": "keyword",
"source.ip": "ip",
"source.nat.ip": "ip",
"source.nat.port": "long",
"source.port": "long",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"rum_traces": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"child.id": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.outcome": "keyword",
"faas.coldstart": "boolean",
"faas.execution": "keyword",
"faas.id": "keyword",
"faas.name": "keyword",
"faas.trigger.request_id": "keyword",
"faas.trigger.type": "keyword",
"faas.version": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"http.request.headers": "object",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.finished": "boolean",
"http.response.headers": "object",
"http.response.status_code": "long",
"http.version": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"network.carrier.icc": "keyword",
"network.carrier.mcc": "keyword",
"network.carrier.mnc": "keyword",
"network.carrier.name": "keyword",
"network.connection.subtype": "keyword",
"network.connection.type": "keyword",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"parent.id": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.origin.id": "keyword",
"service.origin.name": "keyword",
"service.origin.version": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.target.name": "keyword",
"service.target.type": "keyword",
"service.version": "keyword",
"session.id": "keyword",
"session.sequence": "long",
"source.domain": "keyword",
"source.ip": "ip",
"source.nat.ip": "ip",
"source.nat.port": "long",
"source.port": "long",
"span.action": "keyword",
"span.composite.compression_strategy": "keyword",
"span.composite.count": "long",
"span.composite.sum.us": "long",
"span.db.link": "keyword",
"span.db.rows_affected": "long",
"span.destination.service.name": "keyword",
"span.destination.service.resource": "keyword",
"span.destination.service.type": "keyword",
"span.duration.us": "long",
"span.id": "keyword",
"span.kind": "keyword",
"span.links.span.id": "keyword",
"span.links.trace.id": "keyword",
"span.message.age.ms": "long",
"span.message.queue.name": "keyword",
"span.name": "keyword",
"span.subtype": "keyword",
"span.sync": "boolean",
"span.type": "keyword",
"timestamp.us": "long",
"trace.id": "keyword",
"transaction.duration.us": "long",
"transaction.experience.cls": "scaled_float",
"transaction.experience.fid": "scaled_float",
"transaction.experience.longtask.count": "long",
"transaction.experience.longtask.max": "scaled_float",
"transaction.experience.longtask.sum": "scaled_float",
"transaction.experience.tbt": "scaled_float",
"transaction.id": "keyword",
"transaction.marks": "object",
"transaction.message.age.ms": "long",
"transaction.message.queue.name": "keyword",
"transaction.name": "keyword",
"transaction.result": "keyword",
"transaction.sampled": "boolean",
"transaction.span_count.dropped": "long",
"transaction.type": "keyword",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.original": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"sampled_traces": {
"@timestamp": "date",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"event.ingested": "date",
"observer.id": "keyword",
"trace.id": "keyword"
},
"traces": {
"@timestamp": "date",
"agent.ephemeral_id": "keyword",
"agent.name": "keyword",
"agent.version": "keyword",
"child.id": "keyword",
"client.domain": "keyword",
"client.geo.city_name": "keyword",
"client.geo.continent_name": "keyword",
"client.geo.country_iso_code": "keyword",
"client.geo.country_name": "keyword",
"client.geo.location": "geo_point",
"client.geo.region_iso_code": "keyword",
"client.geo.region_name": "keyword",
"client.ip": "ip",
"client.port": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"event.outcome": "keyword",
"faas.coldstart": "boolean",
"faas.execution": "keyword",
"faas.id": "keyword",
"faas.name": "keyword",
"faas.trigger.request_id": "keyword",
"faas.trigger.type": "keyword",
"faas.version": "keyword",
"host.architecture": "keyword",
"host.hostname": "keyword",
"host.ip": "ip",
"host.name": "keyword",
"host.os.platform": "keyword",
"http.request.headers": "object",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.finished": "boolean",
"http.response.headers": "object",
"http.response.status_code": "long",
"http.version": "keyword",
"kubernetes.namespace": "keyword",
"kubernetes.node.name": "keyword",
"kubernetes.pod.name": "keyword",
"kubernetes.pod.uid": "keyword",
"labels": "object",
"network.carrier.icc": "keyword",
"network.carrier.mcc": "keyword",
"network.carrier.mnc": "keyword",
"network.carrier.name": "keyword",
"network.connection.subtype": "keyword",
"network.connection.type": "keyword",
"numeric_labels": "object",
"observer.ephemeral_id": "keyword",
"observer.hostname": "keyword",
"observer.id": "keyword",
"observer.name": "keyword",
"observer.type": "keyword",
"observer.version": "keyword",
"parent.id": "keyword",
"process.args": "keyword",
"process.pid": "long",
"process.ppid": "long",
"process.title": "keyword",
"processor.event": "keyword",
"processor.name": "constant_keyword",
"service.environment": "keyword",
"service.framework.name": "keyword",
"service.framework.version": "keyword",
"service.language.name": "keyword",
"service.language.version": "keyword",
"service.name": "keyword",
"service.node.name": "keyword",
"service.origin.id": "keyword",
"service.origin.name": "keyword",
"service.origin.version": "keyword",
"service.runtime.name": "keyword",
"service.runtime.version": "keyword",
"service.target.name": "keyword",
"service.target.type": "keyword",
"service.version": "keyword",
"session.id": "keyword",
"session.sequence": "long",
"source.domain": "keyword",
"source.ip": "ip",
"source.nat.ip": "ip",
"source.nat.port": "long",
"source.port": "long",
"span.action": "keyword",
"span.composite.compression_strategy": "keyword",
"span.composite.count": "long",
"span.composite.sum.us": "long",
"span.db.link": "keyword",
"span.db.rows_affected": "long",
"span.destination.service.name": "keyword",
"span.destination.service.resource": "keyword",
"span.destination.service.type": "keyword",
"span.duration.us": "long",
"span.id": "keyword",
"span.kind": "keyword",
"span.links.span.id": "keyword",
"span.links.trace.id": "keyword",
"span.message.age.ms": "long",
"span.message.queue.name": "keyword",
"span.name": "keyword",
"span.subtype": "keyword",
"span.sync": "boolean",
"span.type": "keyword",
"timestamp.us": "long",
"trace.id": "keyword",
"transaction.duration.us": "long",
"transaction.experience.cls": "scaled_float",
"transaction.experience.fid": "scaled_float",
"transaction.experience.longtask.count": "long",
"transaction.experience.longtask.max": "scaled_float",
"transaction.experience.longtask.sum": "scaled_float",
"transaction.experience.tbt": "scaled_float",
"transaction.id": "keyword",
"transaction.marks": "object",
"transaction.message.age.ms": "long",
"transaction.message.queue.name": "keyword",
"transaction.name": "keyword",
"transaction.result": "keyword",
"transaction.sampled": "boolean",
"transaction.span_count.dropped": "long",
"transaction.type": "keyword",
"url.domain": "keyword",
"url.fragment": "keyword",
"url.full": "wildcard",
"url.original": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.query": "keyword",
"url.scheme": "keyword",
"user.domain": "keyword",
"user.email": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.family": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.kernel": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.platform": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
}
}
},
"aws": {
"1.0.0": {
"billing": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.billing.AmortizedCost.amount": "double",
"aws.billing.AmortizedCost.unit": "keyword",
"aws.billing.BlendedCost.amount": "double",
"aws.billing.BlendedCost.unit": "keyword",
"aws.billing.Currency": "keyword",
"aws.billing.EstimatedCharges": "long",
"aws.billing.NormalizedUsageAmount.amount": "double",
"aws.billing.NormalizedUsageAmount.unit": "keyword",
"aws.billing.ServiceName": "keyword",
"aws.billing.UnblendedCost.amount": "double",
"aws.billing.UnblendedCost.unit": "keyword",
"aws.billing.UsageQuantity.amount": "double",
"aws.billing.UsageQuantity.unit": "keyword",
"aws.billing.end_date": "keyword",
"aws.billing.group_by": "object",
"aws.billing.group_definition.key": "keyword",
"aws.billing.group_definition.type": "keyword",
"aws.billing.start_date": "keyword",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.linked_account.id": "keyword",
"aws.linked_account.name": "keyword",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"cloudtrail": {
"@timestamp": "date",
"aws.cloudtrail.additional_eventdata": "keyword",
"aws.cloudtrail.api_version": "keyword",
"aws.cloudtrail.console_login.additional_eventdata.login_to": "keyword",
"aws.cloudtrail.console_login.additional_eventdata.mfa_used": "boolean",
"aws.cloudtrail.console_login.additional_eventdata.mobile_version": "boolean",
"aws.cloudtrail.error_code": "keyword",
"aws.cloudtrail.error_message": "keyword",
"aws.cloudtrail.event_category": "keyword",
"aws.cloudtrail.event_type": "keyword",
"aws.cloudtrail.event_version": "keyword",
"aws.cloudtrail.flattened.additional_eventdata": "flattened",
"aws.cloudtrail.flattened.digest": "flattened",
"aws.cloudtrail.flattened.insight_details": "flattened",
"aws.cloudtrail.flattened.request_parameters": "flattened",
"aws.cloudtrail.flattened.response_elements": "flattened",
"aws.cloudtrail.flattened.service_event_details": "flattened",
"aws.cloudtrail.management_event": "keyword",
"aws.cloudtrail.read_only": "boolean",
"aws.cloudtrail.recipient_account_id": "keyword",
"aws.cloudtrail.request_id": "keyword",
"aws.cloudtrail.request_parameters": "keyword",
"aws.cloudtrail.resources.account_id": "keyword",
"aws.cloudtrail.resources.arn": "keyword",
"aws.cloudtrail.resources.type": "keyword",
"aws.cloudtrail.response_elements": "keyword",
"aws.cloudtrail.service_event_details": "keyword",
"aws.cloudtrail.shared_event_id": "keyword",
"aws.cloudtrail.user_identity.access_key_id": "keyword",
"aws.cloudtrail.user_identity.arn": "keyword",
"aws.cloudtrail.user_identity.invoked_by": "keyword",
"aws.cloudtrail.user_identity.session_context.creation_date": "date",
"aws.cloudtrail.user_identity.session_context.mfa_authenticated": "keyword",
"aws.cloudtrail.user_identity.session_context.session_issuer.account_id": "keyword",
"aws.cloudtrail.user_identity.session_context.session_issuer.arn": "keyword",
"aws.cloudtrail.user_identity.session_context.session_issuer.principal_id": "keyword",
"aws.cloudtrail.user_identity.session_context.session_issuer.type": "keyword",
"aws.cloudtrail.user_identity.type": "keyword",
"aws.cloudtrail.vpc_endpoint_id": "keyword",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "text",
"event.action": "keyword",
"event.created": "date",
"event.dataset": "constant_keyword",
"event.ingested": "date",
"event.kind": "keyword",
"event.module": "constant_keyword",
"event.original": "keyword",
"event.provider": "keyword",
"event.type": "keyword",
"file.hash.md5": "keyword",
"file.hash.sha1": "keyword",
"file.hash.sha256": "keyword",
"file.hash.sha512": "keyword",
"file.path": "keyword",
"group.id": "keyword",
"group.name": "keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"related.hash": "keyword",
"related.user": "keyword",
"source.address": "keyword",
"source.as.number": "long",
"source.as.organization.name": "keyword",
"source.geo.city_name": "keyword",
"source.geo.continent_name": "keyword",
"source.geo.country_iso_code": "keyword",
"source.geo.country_name": "keyword",
"source.geo.location": "geo_point",
"source.geo.region_iso_code": "keyword",
"source.geo.region_name": "keyword",
"source.ip": "ip",
"tags": "keyword",
"user.changes.name": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user.target.id": "keyword",
"user.target.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"cloudwatch_logs": {
"@timestamp": "date",
"aws.cloudwatch.message": "text",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"tags": "keyword"
},
"cloudwatch_metrics": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"dynamodb": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dynamodb.metrics.AccountMaxReads.max": "long",
"aws.dynamodb.metrics.AccountMaxTableLevelReads.max": "long",
"aws.dynamodb.metrics.AccountMaxTableLevelWrites.max": "long",
"aws.dynamodb.metrics.AccountMaxWrites.max": "long",
"aws.dynamodb.metrics.AccountProvisionedReadCapacityUtilization.avg": "double",
"aws.dynamodb.metrics.AccountProvisionedWriteCapacityUtilization.avg": "double",
"aws.dynamodb.metrics.ConditionalCheckFailedRequests.sum": "long",
"aws.dynamodb.metrics.ConsumedReadCapacityUnits.avg": "double",
"aws.dynamodb.metrics.ConsumedReadCapacityUnits.sum": "long",
"aws.dynamodb.metrics.ConsumedWriteCapacityUnits.avg": "double",
"aws.dynamodb.metrics.ConsumedWriteCapacityUnits.sum": "long",
"aws.dynamodb.metrics.MaxProvisionedTableReadCapacityUtilization.max": "double",
"aws.dynamodb.metrics.MaxProvisionedTableWriteCapacityUtilization.max": "double",
"aws.dynamodb.metrics.OnlineIndexPercentageProgress.avg": "double",
"aws.dynamodb.metrics.PendingReplicationCount.sum": "long",
"aws.dynamodb.metrics.ProvisionedReadCapacityUnits.avg": "double",
"aws.dynamodb.metrics.ProvisionedWriteCapacityUnits.avg": "double",
"aws.dynamodb.metrics.ReadThrottleEvents.sum": "long",
"aws.dynamodb.metrics.ReplicationLatency.avg": "double",
"aws.dynamodb.metrics.ReplicationLatency.max": "double",
"aws.dynamodb.metrics.SuccessfulRequestLatency.avg": "double",
"aws.dynamodb.metrics.SuccessfulRequestLatency.max": "double",
"aws.dynamodb.metrics.SystemErrors.sum": "long",
"aws.dynamodb.metrics.ThrottledRequests.sum": "long",
"aws.dynamodb.metrics.TransactionConflict.avg": "double",
"aws.dynamodb.metrics.TransactionConflict.sum": "long",
"aws.dynamodb.metrics.WriteThrottleEvents.sum": "long",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"ebs": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.VolumeId": "keyword",
"aws.ebs.metrics.BurstBalance.avg": "double",
"aws.ebs.metrics.VolumeConsumedReadWriteOps.avg": "double",
"aws.ebs.metrics.VolumeIdleTime.sum": "double",
"aws.ebs.metrics.VolumeQueueLength.avg": "double",
"aws.ebs.metrics.VolumeReadBytes.avg": "double",
"aws.ebs.metrics.VolumeReadOps.avg": "double",
"aws.ebs.metrics.VolumeThroughputPercentage.avg": "double",
"aws.ebs.metrics.VolumeTotalReadTime.sum": "double",
"aws.ebs.metrics.VolumeTotalWriteTime.sum": "double",
"aws.ebs.metrics.VolumeWriteBytes.avg": "double",
"aws.ebs.metrics.VolumeWriteOps.avg": "double",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"ec2_logs": {
"@timestamp": "date",
"aws.ec2.ip_address": "keyword",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"message": "text",
"process.name": "keyword",
"tags": "keyword"
},
"ec2_metrics": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.AutoScalingGroupName": "keyword",
"aws.dimensions.ImageId": "keyword",
"aws.dimensions.InstanceId": "keyword",
"aws.dimensions.InstanceType": "keyword",
"aws.ec2.cpu.credit_balance": "long",
"aws.ec2.cpu.credit_usage": "long",
"aws.ec2.cpu.surplus_credit_balance": "long",
"aws.ec2.cpu.surplus_credits_charged": "long",
"aws.ec2.cpu.total.pct": "scaled_float",
"aws.ec2.diskio.read.bytes": "long",
"aws.ec2.diskio.read.bytes_per_sec": "long",
"aws.ec2.diskio.read.count": "long",
"aws.ec2.diskio.read.count_per_sec": "long",
"aws.ec2.diskio.write.bytes": "long",
"aws.ec2.diskio.write.bytes_per_sec": "long",
"aws.ec2.diskio.write.count": "long",
"aws.ec2.diskio.write.count_per_sec": "long",
"aws.ec2.instance.core.count": "integer",
"aws.ec2.instance.image.id": "keyword",
"aws.ec2.instance.monitoring.state": "keyword",
"aws.ec2.instance.private.dns_name": "keyword",
"aws.ec2.instance.private.ip": "ip",
"aws.ec2.instance.public.dns_name": "keyword",
"aws.ec2.instance.public.ip": "ip",
"aws.ec2.instance.state.code": "integer",
"aws.ec2.instance.state.name": "keyword",
"aws.ec2.instance.threads_per_core": "integer",
"aws.ec2.network.in.bytes": "long",
"aws.ec2.network.in.bytes_per_sec": "long",
"aws.ec2.network.in.packets": "long",
"aws.ec2.network.in.packets_per_sec": "long",
"aws.ec2.network.out.bytes": "long",
"aws.ec2.network.out.bytes_per_sec": "long",
"aws.ec2.network.out.packets": "long",
"aws.ec2.network.out.packets_per_sec": "long",
"aws.ec2.status.check_failed": "long",
"aws.ec2.status.check_failed_instance": "long",
"aws.ec2.status.check_failed_system": "long",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.cpu.pct": "scaled_float",
"host.disk.read.bytes": "long",
"host.disk.write.bytes": "long",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.network.in.bytes": "long",
"host.network.in.packets": "long",
"host.network.out.bytes": "long",
"host.network.out.packets": "long",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"elb_logs": {
"@timestamp": "date",
"aws.elb.action_executed": "keyword",
"aws.elb.backend.http.response.status_code": "long",
"aws.elb.backend.ip": "keyword",
"aws.elb.backend.port": "keyword",
"aws.elb.backend_processing_time.sec": "float",
"aws.elb.chosen_cert.arn": "keyword",
"aws.elb.chosen_cert.serial": "keyword",
"aws.elb.classification": "keyword",
"aws.elb.classification_reason": "keyword",
"aws.elb.connection_time.ms": "long",
"aws.elb.error.reason": "keyword",
"aws.elb.incoming_tls_alert": "keyword",
"aws.elb.listener": "keyword",
"aws.elb.matched_rule_priority": "keyword",
"aws.elb.name": "keyword",
"aws.elb.protocol": "keyword",
"aws.elb.redirect_url": "keyword",
"aws.elb.request_processing_time.sec": "float",
"aws.elb.response_processing_time.sec": "float",
"aws.elb.ssl_cipher": "keyword",
"aws.elb.ssl_protocol": "keyword",
"aws.elb.target_group.arn": "keyword",
"aws.elb.target_port": "keyword",
"aws.elb.target_status_code": "keyword",
"aws.elb.tls_handshake_time.ms": "long",
"aws.elb.tls_named_group": "keyword",
"aws.elb.trace_id": "keyword",
"aws.elb.type": "keyword",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.bytes": "long",
"destination.domain": "keyword",
"ecs.version": "keyword",
"error.message": "text",
"event.category": "keyword",
"event.dataset": "constant_keyword",
"event.end": "date",
"event.kind": "keyword",
"event.module": "constant_keyword",
"event.outcome": "keyword",
"event.start": "date",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"http.request.body.bytes": "long",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.body.bytes": "long",
"http.response.status_code": "long",
"http.version": "keyword",
"source.as.number": "long",
"source.as.organization.name": "keyword",
"source.geo.city_name": "keyword",
"source.geo.continent_name": "keyword",
"source.geo.country_iso_code": "keyword",
"source.geo.location": "geo_point",
"source.geo.region_iso_code": "keyword",
"source.geo.region_name": "keyword",
"source.ip": "ip",
"source.port": "keyword",
"tags": "keyword",
"tracing.trace.id": "keyword",
"url.domain": "keyword",
"url.original": "keyword",
"url.path": "keyword",
"url.port": "long",
"url.scheme": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.version": "keyword"
},
"elb_metrics": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.applicationelb.metrics.ActiveConnectionCount.sum": "long",
"aws.applicationelb.metrics.ClientTLSNegotiationErrorCount.sum": "long",
"aws.applicationelb.metrics.ConsumedLCUs.avg": "double",
"aws.applicationelb.metrics.HTTPCode_ELB_3XX_Count.sum": "long",
"aws.applicationelb.metrics.HTTPCode_ELB_4XX_Count.sum": "long",
"aws.applicationelb.metrics.HTTPCode_ELB_500_Count.sum": "long",
"aws.applicationelb.metrics.HTTPCode_ELB_502_Count.sum": "long",
"aws.applicationelb.metrics.HTTPCode_ELB_503_Count.sum": "long",
"aws.applicationelb.metrics.HTTPCode_ELB_504_Count.sum": "long",
"aws.applicationelb.metrics.HTTPCode_ELB_5XX_Count.sum": "long",
"aws.applicationelb.metrics.HTTP_Fixed_Response_Count.sum": "long",
"aws.applicationelb.metrics.HTTP_Redirect_Count.sum": "long",
"aws.applicationelb.metrics.HTTP_Redirect_Url_Limit_Exceeded_Count.sum": "long",
"aws.applicationelb.metrics.IPv6ProcessedBytes.sum": "long",
"aws.applicationelb.metrics.IPv6RequestCount.sum": "long",
"aws.applicationelb.metrics.NewConnectionCount.sum": "long",
"aws.applicationelb.metrics.ProcessedBytes.sum": "long",
"aws.applicationelb.metrics.RejectedConnectionCount.sum": "long",
"aws.applicationelb.metrics.RequestCount.sum": "long",
"aws.applicationelb.metrics.RuleEvaluations.sum": "long",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.AvailabilityZone": "keyword",
"aws.dimensions.LoadBalancer": "keyword",
"aws.dimensions.LoadBalancerName": "keyword",
"aws.dimensions.TargetGroup": "keyword",
"aws.elb.metrics.BackendConnectionErrors.sum": "long",
"aws.elb.metrics.EstimatedALBActiveConnectionCount.avg": "double",
"aws.elb.metrics.EstimatedALBConsumedLCUs.avg": "double",
"aws.elb.metrics.EstimatedALBNewConnectionCount.avg": "double",
"aws.elb.metrics.EstimatedProcessedBytes.avg": "double",
"aws.elb.metrics.HTTPCode_Backend_2XX.sum": "long",
"aws.elb.metrics.HTTPCode_Backend_3XX.sum": "long",
"aws.elb.metrics.HTTPCode_Backend_4XX.sum": "long",
"aws.elb.metrics.HTTPCode_Backend_5XX.sum": "long",
"aws.elb.metrics.HTTPCode_ELB_4XX.sum": "long",
"aws.elb.metrics.HTTPCode_ELB_5XX.sum": "long",
"aws.elb.metrics.HealthyHostCount.max": "long",
"aws.elb.metrics.Latency.avg": "double",
"aws.elb.metrics.RequestCount.sum": "long",
"aws.elb.metrics.SpilloverCount.sum": "long",
"aws.elb.metrics.SurgeQueueLength.max": "long",
"aws.elb.metrics.UnHealthyHostCount.max": "long",
"aws.networkelb.metrics.ActiveFlowCount.avg": "double",
"aws.networkelb.metrics.ActiveFlowCount_TCP.avg": "double",
"aws.networkelb.metrics.ActiveFlowCount_TLS.avg": "double",
"aws.networkelb.metrics.ActiveFlowCount_UDP.avg": "double",
"aws.networkelb.metrics.ClientTLSNegotiationErrorCount.sum": "long",
"aws.networkelb.metrics.ConsumedLCUs.avg": "double",
"aws.networkelb.metrics.HealthyHostCount.max": "long",
"aws.networkelb.metrics.NewFlowCount.sum": "long",
"aws.networkelb.metrics.NewFlowCount_TLS.sum": "long",
"aws.networkelb.metrics.ProcessedBytes.sum": "long",
"aws.networkelb.metrics.ProcessedBytes_TLS.sum": "long",
"aws.networkelb.metrics.TCP_Client_Reset_Count.sum": "long",
"aws.networkelb.metrics.TCP_ELB_Reset_Count.sum": "long",
"aws.networkelb.metrics.TCP_Target_Reset_Count.sum": "long",
"aws.networkelb.metrics.TargetTLSNegotiationErrorCount.sum": "long",
"aws.networkelb.metrics.UnHealthyHostCount.max": "long",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"lambda": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.ExecutedVersion": "keyword",
"aws.dimensions.FunctionName": "keyword",
"aws.dimensions.Resource": "keyword",
"aws.lambda.metrics.ConcurrentExecutions.avg": "double",
"aws.lambda.metrics.DeadLetterErrors.avg": "double",
"aws.lambda.metrics.DestinationDeliveryFailures.avg": "double",
"aws.lambda.metrics.Duration.avg": "double",
"aws.lambda.metrics.Errors.avg": "double",
"aws.lambda.metrics.Invocations.avg": "double",
"aws.lambda.metrics.IteratorAge.avg": "double",
"aws.lambda.metrics.ProvisionedConcurrencyInvocations.sum": "long",
"aws.lambda.metrics.ProvisionedConcurrencySpilloverInvocations.sum": "long",
"aws.lambda.metrics.ProvisionedConcurrencyUtilization.max": "long",
"aws.lambda.metrics.ProvisionedConcurrentExecutions.max": "long",
"aws.lambda.metrics.Throttles.avg": "double",
"aws.lambda.metrics.UnreservedConcurrentExecutions.avg": "double",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"natgateway": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.NatGatewayId": "keyword",
"aws.natgateway.metrics.ActiveConnectionCount.max": "long",
"aws.natgateway.metrics.BytesInFromDestination.sum": "long",
"aws.natgateway.metrics.BytesInFromSource.sum": "long",
"aws.natgateway.metrics.BytesOutToDestination.sum": "long",
"aws.natgateway.metrics.BytesOutToSource.sum": "long",
"aws.natgateway.metrics.ConnectionAttemptCount.sum": "long",
"aws.natgateway.metrics.ConnectionEstablishedCount.sum": "long",
"aws.natgateway.metrics.ErrorPortAllocation.sum": "long",
"aws.natgateway.metrics.IdleTimeoutCount.sum": "long",
"aws.natgateway.metrics.PacketsDropCount.sum": "long",
"aws.natgateway.metrics.PacketsInFromDestination.sum": "long",
"aws.natgateway.metrics.PacketsInFromSource.sum": "long",
"aws.natgateway.metrics.PacketsOutToDestination.sum": "long",
"aws.natgateway.metrics.PacketsOutToSource.sum": "long",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"rds": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.DBClusterIdentifier": "keyword",
"aws.dimensions.DBClusterIdentifier,Role": "keyword",
"aws.dimensions.DBInstanceIdentifier": "keyword",
"aws.dimensions.DatabaseClass": "keyword",
"aws.dimensions.DbClusterIdentifier, EngineName": "keyword",
"aws.dimensions.EngineName": "keyword",
"aws.dimensions.SourceRegion": "keyword",
"aws.rds.aurora_bin_log_replica_lag": "long",
"aws.rds.aurora_global_db.data_transfer.bytes": "long",
"aws.rds.aurora_global_db.replicated_write_io.bytes": "long",
"aws.rds.aurora_global_db.replication_lag.ms": "long",
"aws.rds.aurora_replica.lag.ms": "long",
"aws.rds.aurora_replica.lag_max.ms": "long",
"aws.rds.aurora_replica.lag_min.ms": "long",
"aws.rds.aurora_volume_left_total.bytes": "long",
"aws.rds.backtrack_change_records.creation_rate": "long",
"aws.rds.backtrack_change_records.stored": "long",
"aws.rds.backtrack_window.actual": "long",
"aws.rds.backtrack_window.alert": "long",
"aws.rds.backup_storage_billed_total.bytes": "long",
"aws.rds.cache_hit_ratio.buffer": "long",
"aws.rds.cache_hit_ratio.result_set": "long",
"aws.rds.cpu.credit_balance": "long",
"aws.rds.cpu.credit_usage": "long",
"aws.rds.cpu.total.pct": "scaled_float",
"aws.rds.database_connections": "long",
"aws.rds.db_instance.arn": "keyword",
"aws.rds.db_instance.class": "keyword",
"aws.rds.db_instance.db_cluster_identifier": "keyword",
"aws.rds.db_instance.engine_name": "keyword",
"aws.rds.db_instance.identifier": "keyword",
"aws.rds.db_instance.role": "keyword",
"aws.rds.db_instance.status": "keyword",
"aws.rds.deadlocks": "long",
"aws.rds.disk_queue_depth": "float",
"aws.rds.disk_usage.bin_log.bytes": "long",
"aws.rds.disk_usage.replication_slot.mb": "long",
"aws.rds.disk_usage.transaction_logs.mb": "long",
"aws.rds.engine_uptime.sec": "long",
"aws.rds.failed_sql_server_agent_jobs": "long",
"aws.rds.free_local_storage.bytes": "long",
"aws.rds.free_storage.bytes": "long",
"aws.rds.freeable_memory.bytes": "long",
"aws.rds.latency.commit": "float",
"aws.rds.latency.ddl": "float",
"aws.rds.latency.delete": "float",
"aws.rds.latency.dml": "float",
"aws.rds.latency.insert": "float",
"aws.rds.latency.read": "float",
"aws.rds.latency.select": "float",
"aws.rds.latency.update": "float",
"aws.rds.latency.write": "float",
"aws.rds.login_failures": "long",
"aws.rds.maximum_used_transaction_ids": "long",
"aws.rds.oldest_replication_slot_lag.mb": "long",
"aws.rds.queries": "long",
"aws.rds.rds_to_aurora_postgresql_replica_lag.sec": "long",
"aws.rds.read_io.ops_per_sec": "float",
"aws.rds.replica_lag.sec": "long",
"aws.rds.storage_used.backup_retention_period.bytes": "long",
"aws.rds.storage_used.snapshot.bytes": "long",
"aws.rds.swap_usage.bytes": "long",
"aws.rds.throughput.commit": "float",
"aws.rds.throughput.ddl": "float",
"aws.rds.throughput.delete": "float",
"aws.rds.throughput.dml": "float",
"aws.rds.throughput.insert": "float",
"aws.rds.throughput.network": "float",
"aws.rds.throughput.network_receive": "float",
"aws.rds.throughput.network_transmit": "float",
"aws.rds.throughput.read": "float",
"aws.rds.throughput.select": "float",
"aws.rds.throughput.update": "float",
"aws.rds.throughput.write": "float",
"aws.rds.transaction_logs_generation": "long",
"aws.rds.transactions.active": "long",
"aws.rds.transactions.blocked": "long",
"aws.rds.volume.read.iops": "long",
"aws.rds.volume.write.iops": "long",
"aws.rds.volume_used.bytes": "long",
"aws.rds.write_io.ops_per_sec": "float",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"s3_daily_storage": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.dimensions.*": "object",
"aws.dimensions.BucketName": "keyword",
"aws.dimensions.FilterId": "keyword",
"aws.dimensions.StorageType": "keyword",
"aws.s3.bucket.name": "keyword",
"aws.s3_daily_storage.bucket.size.bytes": "long",
"aws.s3_daily_storage.number_of_objects": "long",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"s3_request": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.dimensions.*": "object",
"aws.dimensions.BucketName": "keyword",
"aws.dimensions.FilterId": "keyword",
"aws.dimensions.StorageType": "keyword",
"aws.s3.bucket.name": "keyword",
"aws.s3_request.downloaded.bytes": "long",
"aws.s3_request.errors.4xx": "long",
"aws.s3_request.errors.5xx": "long",
"aws.s3_request.latency.first_byte.ms": "long",
"aws.s3_request.latency.total_request.ms": "long",
"aws.s3_request.requests.delete": "long",
"aws.s3_request.requests.get": "long",
"aws.s3_request.requests.head": "long",
"aws.s3_request.requests.list": "long",
"aws.s3_request.requests.post": "long",
"aws.s3_request.requests.put": "long",
"aws.s3_request.requests.select": "long",
"aws.s3_request.requests.select_returned.bytes": "long",
"aws.s3_request.requests.select_scanned.bytes": "long",
"aws.s3_request.requests.total": "long",
"aws.s3_request.uploaded.bytes": "long",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"s3access": {
"@timestamp": "date",
"aws.s3access.authentication_type": "keyword",
"aws.s3access.bucket": "keyword",
"aws.s3access.bucket_owner": "keyword",
"aws.s3access.bytes_sent": "long",
"aws.s3access.cipher_suite": "keyword",
"aws.s3access.error_code": "keyword",
"aws.s3access.host_header": "keyword",
"aws.s3access.host_id": "keyword",
"aws.s3access.http_status": "long",
"aws.s3access.key": "keyword",
"aws.s3access.object_size": "long",
"aws.s3access.operation": "keyword",
"aws.s3access.referrer": "keyword",
"aws.s3access.remote_ip": "ip",
"aws.s3access.request_id": "keyword",
"aws.s3access.request_uri": "keyword",
"aws.s3access.requester": "keyword",
"aws.s3access.signature_version": "keyword",
"aws.s3access.tls_version": "keyword",
"aws.s3access.total_time": "long",
"aws.s3access.turn_around_time": "long",
"aws.s3access.user_agent": "keyword",
"aws.s3access.version_id": "keyword",
"client.address": "keyword",
"client.ip": "ip",
"client.user.id": "keyword",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "text",
"event.action": "keyword",
"event.code": "keyword",
"event.dataset": "constant_keyword",
"event.duration": "long",
"event.id": "keyword",
"event.kind": "keyword",
"event.module": "constant_keyword",
"event.outcome": "keyword",
"geo.city_name": "keyword",
"geo.continent_name": "keyword",
"geo.country_iso_code": "keyword",
"geo.country_name": "keyword",
"geo.location": "geo_point",
"geo.region_iso_code": "keyword",
"geo.region_name": "keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.body.bytes": "long",
"http.response.status_code": "long",
"http.version": "keyword",
"related.ip": "ip",
"related.user": "keyword",
"tags": "keyword",
"tls.cipher": "keyword",
"tls.version": "keyword",
"tls.version_protocol": "keyword",
"url.domain": "keyword",
"url.extension": "keyword",
"url.original": "keyword",
"url.path": "keyword",
"url.query": "keyword",
"url.scheme": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"sns": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.Application": "keyword",
"aws.dimensions.Application,Platform": "keyword",
"aws.dimensions.Country": "keyword",
"aws.dimensions.Platform": "keyword",
"aws.dimensions.SMSType": "keyword",
"aws.dimensions.TopicName": "keyword",
"aws.s3.bucket.name": "keyword",
"aws.sns.metrics.NumberOfMessagesPublished.sum": "long",
"aws.sns.metrics.NumberOfNotificationsDelivered.sum": "long",
"aws.sns.metrics.NumberOfNotificationsFailed.sum": "long",
"aws.sns.metrics.NumberOfNotificationsFailedToRedriveToDlq.sum": "long",
"aws.sns.metrics.NumberOfNotificationsFilteredOut-InvalidAttributes.sum": "long",
"aws.sns.metrics.NumberOfNotificationsFilteredOut-NoMessageAttributes.sum": "long",
"aws.sns.metrics.NumberOfNotificationsFilteredOut.sum": "long",
"aws.sns.metrics.NumberOfNotificationsRedrivenToDlq.sum": "long",
"aws.sns.metrics.PublishSize.avg": "double",
"aws.sns.metrics.SMSMonthToDateSpentUSD.sum": "long",
"aws.sns.metrics.SMSSuccessRate.avg": "double",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"sqs": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.QueueName": "keyword",
"aws.s3.bucket.name": "keyword",
"aws.sqs.empty_receives": "long",
"aws.sqs.messages.delayed": "long",
"aws.sqs.messages.deleted": "long",
"aws.sqs.messages.not_visible": "long",
"aws.sqs.messages.received": "long",
"aws.sqs.messages.sent": "long",
"aws.sqs.messages.visible": "long",
"aws.sqs.oldest_message_age.sec": "long",
"aws.sqs.queue.name": "keyword",
"aws.sqs.sent_message_size.bytes": "long",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"transitgateway": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.TransitGateway": "keyword",
"aws.dimensions.TransitGatewayAttachment": "keyword",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"aws.transitgateway.metrics.BytesIn.sum": "long",
"aws.transitgateway.metrics.BytesOut.sum": "long",
"aws.transitgateway.metrics.PacketDropCountBlackhole.sum": "long",
"aws.transitgateway.metrics.PacketDropCountNoRoute.sum": "long",
"aws.transitgateway.metrics.PacketsIn.sum": "long",
"aws.transitgateway.metrics.PacketsOut.sum": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"usage": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.Class": "keyword",
"aws.dimensions.Resource": "keyword",
"aws.dimensions.Service": "keyword",
"aws.dimensions.Type": "keyword",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"aws.usage.metrics.CallCount.sum": "long",
"aws.usage.metrics.ResourceCount.sum": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"vpcflow": {
"@timestamp": "date",
"aws.vpcflow.account_id": "keyword",
"aws.vpcflow.action": "keyword",
"aws.vpcflow.instance_id": "keyword",
"aws.vpcflow.interface_id": "keyword",
"aws.vpcflow.log_status": "keyword",
"aws.vpcflow.pkt_dstaddr": "ip",
"aws.vpcflow.pkt_srcaddr": "ip",
"aws.vpcflow.subnet_id": "keyword",
"aws.vpcflow.tcp_flags": "keyword",
"aws.vpcflow.type": "keyword",
"aws.vpcflow.version": "keyword",
"aws.vpcflow.vpc_id": "keyword",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.as.number": "long",
"destination.as.organization.name": "keyword",
"destination.geo.city_name": "keyword",
"destination.geo.continent_name": "keyword",
"destination.geo.country_iso_code": "keyword",
"destination.geo.country_name": "keyword",
"destination.geo.location": "geo_point",
"destination.geo.region_iso_code": "keyword",
"destination.geo.region_name": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"error.message": "text",
"event.category": "keyword",
"event.dataset": "constant_keyword",
"event.end": "date",
"event.kind": "keyword",
"event.module": "constant_keyword",
"event.original": "keyword",
"event.outcome": "keyword",
"event.start": "date",
"event.type": "keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"network.bytes": "long",
"network.community_id": "keyword",
"network.iana_number": "keyword",
"network.packets": "long",
"network.transport": "keyword",
"network.type": "keyword",
"related.ip": "ip",
"source.address": "keyword",
"source.as.number": "long",
"source.as.organization.name": "keyword",
"source.bytes": "long",
"source.geo.city_name": "keyword",
"source.geo.continent_name": "keyword",
"source.geo.country_iso_code": "keyword",
"source.geo.country_name": "keyword",
"source.geo.location": "geo_point",
"source.geo.region_iso_code": "keyword",
"source.geo.region_name": "keyword",
"source.ip": "ip",
"source.packets": "long",
"source.port": "long",
"tags": "keyword"
},
"vpn": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.TunnelIpAddress": "keyword",
"aws.dimensions.VpnId": "keyword",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"aws.vpn.metrics.TunnelDataIn.sum": "double",
"aws.vpn.metrics.TunnelDataOut.sum": "double",
"aws.vpn.metrics.TunnelState.avg": "double",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
}
},
"1.1.0": {
"billing": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.billing.AmortizedCost.amount": "double",
"aws.billing.AmortizedCost.unit": "keyword",
"aws.billing.BlendedCost.amount": "double",
"aws.billing.BlendedCost.unit": "keyword",
"aws.billing.Currency": "keyword",
"aws.billing.EstimatedCharges": "long",
"aws.billing.NormalizedUsageAmount.amount": "double",
"aws.billing.NormalizedUsageAmount.unit": "keyword",
"aws.billing.ServiceName": "keyword",
"aws.billing.UnblendedCost.amount": "double",
"aws.billing.UnblendedCost.unit": "keyword",
"aws.billing.UsageQuantity.amount": "double",
"aws.billing.UsageQuantity.unit": "keyword",
"aws.billing.end_date": "keyword",
"aws.billing.group_by": "object",
"aws.billing.group_definition.key": "keyword",
"aws.billing.group_definition.type": "keyword",
"aws.billing.start_date": "keyword",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.linked_account.id": "keyword",
"aws.linked_account.name": "keyword",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"cloudtrail": {
"@timestamp": "date",
"aws.cloudtrail.additional_eventdata": "keyword",
"aws.cloudtrail.api_version": "keyword",
"aws.cloudtrail.console_login.additional_eventdata.login_to": "keyword",
"aws.cloudtrail.console_login.additional_eventdata.mfa_used": "boolean",
"aws.cloudtrail.console_login.additional_eventdata.mobile_version": "boolean",
"aws.cloudtrail.error_code": "keyword",
"aws.cloudtrail.error_message": "keyword",
"aws.cloudtrail.event_category": "keyword",
"aws.cloudtrail.event_type": "keyword",
"aws.cloudtrail.event_version": "keyword",
"aws.cloudtrail.flattened.additional_eventdata": "flattened",
"aws.cloudtrail.flattened.digest": "flattened",
"aws.cloudtrail.flattened.insight_details": "flattened",
"aws.cloudtrail.flattened.request_parameters": "flattened",
"aws.cloudtrail.flattened.response_elements": "flattened",
"aws.cloudtrail.flattened.service_event_details": "flattened",
"aws.cloudtrail.management_event": "keyword",
"aws.cloudtrail.read_only": "boolean",
"aws.cloudtrail.recipient_account_id": "keyword",
"aws.cloudtrail.request_id": "keyword",
"aws.cloudtrail.request_parameters": "keyword",
"aws.cloudtrail.resources.account_id": "keyword",
"aws.cloudtrail.resources.arn": "keyword",
"aws.cloudtrail.resources.type": "keyword",
"aws.cloudtrail.response_elements": "keyword",
"aws.cloudtrail.service_event_details": "keyword",
"aws.cloudtrail.shared_event_id": "keyword",
"aws.cloudtrail.user_identity.access_key_id": "keyword",
"aws.cloudtrail.user_identity.arn": "keyword",
"aws.cloudtrail.user_identity.invoked_by": "keyword",
"aws.cloudtrail.user_identity.session_context.creation_date": "date",
"aws.cloudtrail.user_identity.session_context.mfa_authenticated": "keyword",
"aws.cloudtrail.user_identity.session_context.session_issuer.account_id": "keyword",
"aws.cloudtrail.user_identity.session_context.session_issuer.arn": "keyword",
"aws.cloudtrail.user_identity.session_context.session_issuer.principal_id": "keyword",
"aws.cloudtrail.user_identity.session_context.session_issuer.type": "keyword",
"aws.cloudtrail.user_identity.type": "keyword",
"aws.cloudtrail.vpc_endpoint_id": "keyword",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "text",
"event.action": "keyword",
"event.created": "date",
"event.dataset": "constant_keyword",
"event.ingested": "date",
"event.kind": "keyword",
"event.module": "constant_keyword",
"event.original": "keyword",
"event.provider": "keyword",
"event.type": "keyword",
"file.hash.md5": "keyword",
"file.hash.sha1": "keyword",
"file.hash.sha256": "keyword",
"file.hash.sha512": "keyword",
"file.path": "keyword",
"group.id": "keyword",
"group.name": "keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"related.hash": "keyword",
"related.user": "keyword",
"source.address": "keyword",
"source.as.number": "long",
"source.as.organization.name": "keyword",
"source.geo.city_name": "keyword",
"source.geo.continent_name": "keyword",
"source.geo.country_iso_code": "keyword",
"source.geo.country_name": "keyword",
"source.geo.location": "geo_point",
"source.geo.region_iso_code": "keyword",
"source.geo.region_name": "keyword",
"source.ip": "ip",
"tags": "keyword",
"user.changes.name": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user.target.id": "keyword",
"user.target.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"cloudwatch_logs": {
"@timestamp": "date",
"aws.cloudwatch.message": "text",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"tags": "keyword"
},
"cloudwatch_metrics": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"dynamodb": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dynamodb.metrics.AccountMaxReads.max": "long",
"aws.dynamodb.metrics.AccountMaxTableLevelReads.max": "long",
"aws.dynamodb.metrics.AccountMaxTableLevelWrites.max": "long",
"aws.dynamodb.metrics.AccountMaxWrites.max": "long",
"aws.dynamodb.metrics.AccountProvisionedReadCapacityUtilization.avg": "double",
"aws.dynamodb.metrics.AccountProvisionedWriteCapacityUtilization.avg": "double",
"aws.dynamodb.metrics.ConditionalCheckFailedRequests.sum": "long",
"aws.dynamodb.metrics.ConsumedReadCapacityUnits.avg": "double",
"aws.dynamodb.metrics.ConsumedReadCapacityUnits.sum": "long",
"aws.dynamodb.metrics.ConsumedWriteCapacityUnits.avg": "double",
"aws.dynamodb.metrics.ConsumedWriteCapacityUnits.sum": "long",
"aws.dynamodb.metrics.MaxProvisionedTableReadCapacityUtilization.max": "double",
"aws.dynamodb.metrics.MaxProvisionedTableWriteCapacityUtilization.max": "double",
"aws.dynamodb.metrics.OnlineIndexPercentageProgress.avg": "double",
"aws.dynamodb.metrics.PendingReplicationCount.sum": "long",
"aws.dynamodb.metrics.ProvisionedReadCapacityUnits.avg": "double",
"aws.dynamodb.metrics.ProvisionedWriteCapacityUnits.avg": "double",
"aws.dynamodb.metrics.ReadThrottleEvents.sum": "long",
"aws.dynamodb.metrics.ReplicationLatency.avg": "double",
"aws.dynamodb.metrics.ReplicationLatency.max": "double",
"aws.dynamodb.metrics.SuccessfulRequestLatency.avg": "double",
"aws.dynamodb.metrics.SuccessfulRequestLatency.max": "double",
"aws.dynamodb.metrics.SystemErrors.sum": "long",
"aws.dynamodb.metrics.ThrottledRequests.sum": "long",
"aws.dynamodb.metrics.TransactionConflict.avg": "double",
"aws.dynamodb.metrics.TransactionConflict.sum": "long",
"aws.dynamodb.metrics.WriteThrottleEvents.sum": "long",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"ebs": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.VolumeId": "keyword",
"aws.ebs.metrics.BurstBalance.avg": "double",
"aws.ebs.metrics.VolumeConsumedReadWriteOps.avg": "double",
"aws.ebs.metrics.VolumeIdleTime.sum": "double",
"aws.ebs.metrics.VolumeQueueLength.avg": "double",
"aws.ebs.metrics.VolumeReadBytes.avg": "double",
"aws.ebs.metrics.VolumeReadOps.avg": "double",
"aws.ebs.metrics.VolumeThroughputPercentage.avg": "double",
"aws.ebs.metrics.VolumeTotalReadTime.sum": "double",
"aws.ebs.metrics.VolumeTotalWriteTime.sum": "double",
"aws.ebs.metrics.VolumeWriteBytes.avg": "double",
"aws.ebs.metrics.VolumeWriteOps.avg": "double",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"ec2_logs": {
"@timestamp": "date",
"aws.ec2.ip_address": "keyword",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"message": "text",
"process.name": "keyword",
"tags": "keyword"
},
"ec2_metrics": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.AutoScalingGroupName": "keyword",
"aws.dimensions.ImageId": "keyword",
"aws.dimensions.InstanceId": "keyword",
"aws.dimensions.InstanceType": "keyword",
"aws.ec2.cpu.credit_balance": "long",
"aws.ec2.cpu.credit_usage": "long",
"aws.ec2.cpu.surplus_credit_balance": "long",
"aws.ec2.cpu.surplus_credits_charged": "long",
"aws.ec2.cpu.total.pct": "scaled_float",
"aws.ec2.diskio.read.bytes": "long",
"aws.ec2.diskio.read.bytes_per_sec": "long",
"aws.ec2.diskio.read.count": "long",
"aws.ec2.diskio.read.count_per_sec": "long",
"aws.ec2.diskio.write.bytes": "long",
"aws.ec2.diskio.write.bytes_per_sec": "long",
"aws.ec2.diskio.write.count": "long",
"aws.ec2.diskio.write.count_per_sec": "long",
"aws.ec2.instance.core.count": "integer",
"aws.ec2.instance.image.id": "keyword",
"aws.ec2.instance.monitoring.state": "keyword",
"aws.ec2.instance.private.dns_name": "keyword",
"aws.ec2.instance.private.ip": "ip",
"aws.ec2.instance.public.dns_name": "keyword",
"aws.ec2.instance.public.ip": "ip",
"aws.ec2.instance.state.code": "integer",
"aws.ec2.instance.state.name": "keyword",
"aws.ec2.instance.threads_per_core": "integer",
"aws.ec2.network.in.bytes": "long",
"aws.ec2.network.in.bytes_per_sec": "long",
"aws.ec2.network.in.packets": "long",
"aws.ec2.network.in.packets_per_sec": "long",
"aws.ec2.network.out.bytes": "long",
"aws.ec2.network.out.bytes_per_sec": "long",
"aws.ec2.network.out.packets": "long",
"aws.ec2.network.out.packets_per_sec": "long",
"aws.ec2.status.check_failed": "long",
"aws.ec2.status.check_failed_instance": "long",
"aws.ec2.status.check_failed_system": "long",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.cpu.pct": "scaled_float",
"host.disk.read.bytes": "long",
"host.disk.write.bytes": "long",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.network.in.bytes": "long",
"host.network.in.packets": "long",
"host.network.out.bytes": "long",
"host.network.out.packets": "long",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"elb_logs": {
"@timestamp": "date",
"aws.elb.action_executed": "keyword",
"aws.elb.backend.http.response.status_code": "long",
"aws.elb.backend.ip": "keyword",
"aws.elb.backend.port": "keyword",
"aws.elb.backend_processing_time.sec": "float",
"aws.elb.chosen_cert.arn": "keyword",
"aws.elb.chosen_cert.serial": "keyword",
"aws.elb.classification": "keyword",
"aws.elb.classification_reason": "keyword",
"aws.elb.connection_time.ms": "long",
"aws.elb.error.reason": "keyword",
"aws.elb.incoming_tls_alert": "keyword",
"aws.elb.listener": "keyword",
"aws.elb.matched_rule_priority": "keyword",
"aws.elb.name": "keyword",
"aws.elb.protocol": "keyword",
"aws.elb.redirect_url": "keyword",
"aws.elb.request_processing_time.sec": "float",
"aws.elb.response_processing_time.sec": "float",
"aws.elb.ssl_cipher": "keyword",
"aws.elb.ssl_protocol": "keyword",
"aws.elb.target_group.arn": "keyword",
"aws.elb.target_port": "keyword",
"aws.elb.target_status_code": "keyword",
"aws.elb.tls_handshake_time.ms": "long",
"aws.elb.tls_named_group": "keyword",
"aws.elb.trace_id": "keyword",
"aws.elb.type": "keyword",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.bytes": "long",
"destination.domain": "keyword",
"ecs.version": "keyword",
"error.message": "text",
"event.category": "keyword",
"event.dataset": "constant_keyword",
"event.end": "date",
"event.kind": "keyword",
"event.module": "constant_keyword",
"event.outcome": "keyword",
"event.start": "date",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"http.request.body.bytes": "long",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.body.bytes": "long",
"http.response.status_code": "long",
"http.version": "keyword",
"source.as.number": "long",
"source.as.organization.name": "keyword",
"source.geo.city_name": "keyword",
"source.geo.continent_name": "keyword",
"source.geo.country_iso_code": "keyword",
"source.geo.location": "geo_point",
"source.geo.region_iso_code": "keyword",
"source.geo.region_name": "keyword",
"source.ip": "ip",
"source.port": "keyword",
"tags": "keyword",
"tracing.trace.id": "keyword",
"url.domain": "keyword",
"url.original": "keyword",
"url.path": "keyword",
"url.port": "long",
"url.scheme": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.version": "keyword"
},
"elb_metrics": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.applicationelb.metrics.ActiveConnectionCount.sum": "long",
"aws.applicationelb.metrics.ClientTLSNegotiationErrorCount.sum": "long",
"aws.applicationelb.metrics.ConsumedLCUs.avg": "double",
"aws.applicationelb.metrics.HTTPCode_ELB_3XX_Count.sum": "long",
"aws.applicationelb.metrics.HTTPCode_ELB_4XX_Count.sum": "long",
"aws.applicationelb.metrics.HTTPCode_ELB_500_Count.sum": "long",
"aws.applicationelb.metrics.HTTPCode_ELB_502_Count.sum": "long",
"aws.applicationelb.metrics.HTTPCode_ELB_503_Count.sum": "long",
"aws.applicationelb.metrics.HTTPCode_ELB_504_Count.sum": "long",
"aws.applicationelb.metrics.HTTPCode_ELB_5XX_Count.sum": "long",
"aws.applicationelb.metrics.HTTP_Fixed_Response_Count.sum": "long",
"aws.applicationelb.metrics.HTTP_Redirect_Count.sum": "long",
"aws.applicationelb.metrics.HTTP_Redirect_Url_Limit_Exceeded_Count.sum": "long",
"aws.applicationelb.metrics.IPv6ProcessedBytes.sum": "long",
"aws.applicationelb.metrics.IPv6RequestCount.sum": "long",
"aws.applicationelb.metrics.NewConnectionCount.sum": "long",
"aws.applicationelb.metrics.ProcessedBytes.sum": "long",
"aws.applicationelb.metrics.RejectedConnectionCount.sum": "long",
"aws.applicationelb.metrics.RequestCount.sum": "long",
"aws.applicationelb.metrics.RuleEvaluations.sum": "long",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.AvailabilityZone": "keyword",
"aws.dimensions.LoadBalancer": "keyword",
"aws.dimensions.LoadBalancerName": "keyword",
"aws.dimensions.TargetGroup": "keyword",
"aws.elb.metrics.BackendConnectionErrors.sum": "long",
"aws.elb.metrics.EstimatedALBActiveConnectionCount.avg": "double",
"aws.elb.metrics.EstimatedALBConsumedLCUs.avg": "double",
"aws.elb.metrics.EstimatedALBNewConnectionCount.avg": "double",
"aws.elb.metrics.EstimatedProcessedBytes.avg": "double",
"aws.elb.metrics.HTTPCode_Backend_2XX.sum": "long",
"aws.elb.metrics.HTTPCode_Backend_3XX.sum": "long",
"aws.elb.metrics.HTTPCode_Backend_4XX.sum": "long",
"aws.elb.metrics.HTTPCode_Backend_5XX.sum": "long",
"aws.elb.metrics.HTTPCode_ELB_4XX.sum": "long",
"aws.elb.metrics.HTTPCode_ELB_5XX.sum": "long",
"aws.elb.metrics.HealthyHostCount.max": "long",
"aws.elb.metrics.Latency.avg": "double",
"aws.elb.metrics.RequestCount.sum": "long",
"aws.elb.metrics.SpilloverCount.sum": "long",
"aws.elb.metrics.SurgeQueueLength.max": "long",
"aws.elb.metrics.UnHealthyHostCount.max": "long",
"aws.networkelb.metrics.ActiveFlowCount.avg": "double",
"aws.networkelb.metrics.ActiveFlowCount_TCP.avg": "double",
"aws.networkelb.metrics.ActiveFlowCount_TLS.avg": "double",
"aws.networkelb.metrics.ActiveFlowCount_UDP.avg": "double",
"aws.networkelb.metrics.ClientTLSNegotiationErrorCount.sum": "long",
"aws.networkelb.metrics.ConsumedLCUs.avg": "double",
"aws.networkelb.metrics.HealthyHostCount.max": "long",
"aws.networkelb.metrics.NewFlowCount.sum": "long",
"aws.networkelb.metrics.NewFlowCount_TLS.sum": "long",
"aws.networkelb.metrics.ProcessedBytes.sum": "long",
"aws.networkelb.metrics.ProcessedBytes_TLS.sum": "long",
"aws.networkelb.metrics.TCP_Client_Reset_Count.sum": "long",
"aws.networkelb.metrics.TCP_ELB_Reset_Count.sum": "long",
"aws.networkelb.metrics.TCP_Target_Reset_Count.sum": "long",
"aws.networkelb.metrics.TargetTLSNegotiationErrorCount.sum": "long",
"aws.networkelb.metrics.UnHealthyHostCount.max": "long",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"lambda": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.ExecutedVersion": "keyword",
"aws.dimensions.FunctionName": "keyword",
"aws.dimensions.Resource": "keyword",
"aws.lambda.metrics.ConcurrentExecutions.avg": "double",
"aws.lambda.metrics.DeadLetterErrors.avg": "double",
"aws.lambda.metrics.DestinationDeliveryFailures.avg": "double",
"aws.lambda.metrics.Duration.avg": "double",
"aws.lambda.metrics.Errors.avg": "double",
"aws.lambda.metrics.Invocations.avg": "double",
"aws.lambda.metrics.IteratorAge.avg": "double",
"aws.lambda.metrics.ProvisionedConcurrencyInvocations.sum": "long",
"aws.lambda.metrics.ProvisionedConcurrencySpilloverInvocations.sum": "long",
"aws.lambda.metrics.ProvisionedConcurrencyUtilization.max": "long",
"aws.lambda.metrics.ProvisionedConcurrentExecutions.max": "long",
"aws.lambda.metrics.Throttles.avg": "double",
"aws.lambda.metrics.UnreservedConcurrentExecutions.avg": "double",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"natgateway": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.NatGatewayId": "keyword",
"aws.natgateway.metrics.ActiveConnectionCount.max": "long",
"aws.natgateway.metrics.BytesInFromDestination.sum": "long",
"aws.natgateway.metrics.BytesInFromSource.sum": "long",
"aws.natgateway.metrics.BytesOutToDestination.sum": "long",
"aws.natgateway.metrics.BytesOutToSource.sum": "long",
"aws.natgateway.metrics.ConnectionAttemptCount.sum": "long",
"aws.natgateway.metrics.ConnectionEstablishedCount.sum": "long",
"aws.natgateway.metrics.ErrorPortAllocation.sum": "long",
"aws.natgateway.metrics.IdleTimeoutCount.sum": "long",
"aws.natgateway.metrics.PacketsDropCount.sum": "long",
"aws.natgateway.metrics.PacketsInFromDestination.sum": "long",
"aws.natgateway.metrics.PacketsInFromSource.sum": "long",
"aws.natgateway.metrics.PacketsOutToDestination.sum": "long",
"aws.natgateway.metrics.PacketsOutToSource.sum": "long",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"rds": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.DBClusterIdentifier": "keyword",
"aws.dimensions.DBClusterIdentifier,Role": "keyword",
"aws.dimensions.DBInstanceIdentifier": "keyword",
"aws.dimensions.DatabaseClass": "keyword",
"aws.dimensions.DbClusterIdentifier, EngineName": "keyword",
"aws.dimensions.EngineName": "keyword",
"aws.dimensions.SourceRegion": "keyword",
"aws.rds.aurora_bin_log_replica_lag": "long",
"aws.rds.aurora_global_db.data_transfer.bytes": "long",
"aws.rds.aurora_global_db.replicated_write_io.bytes": "long",
"aws.rds.aurora_global_db.replication_lag.ms": "long",
"aws.rds.aurora_replica.lag.ms": "long",
"aws.rds.aurora_replica.lag_max.ms": "long",
"aws.rds.aurora_replica.lag_min.ms": "long",
"aws.rds.aurora_volume_left_total.bytes": "long",
"aws.rds.backtrack_change_records.creation_rate": "long",
"aws.rds.backtrack_change_records.stored": "long",
"aws.rds.backtrack_window.actual": "long",
"aws.rds.backtrack_window.alert": "long",
"aws.rds.backup_storage_billed_total.bytes": "long",
"aws.rds.cache_hit_ratio.buffer": "long",
"aws.rds.cache_hit_ratio.result_set": "long",
"aws.rds.cpu.credit_balance": "long",
"aws.rds.cpu.credit_usage": "long",
"aws.rds.cpu.total.pct": "scaled_float",
"aws.rds.database_connections": "long",
"aws.rds.db_instance.arn": "keyword",
"aws.rds.db_instance.class": "keyword",
"aws.rds.db_instance.db_cluster_identifier": "keyword",
"aws.rds.db_instance.engine_name": "keyword",
"aws.rds.db_instance.identifier": "keyword",
"aws.rds.db_instance.role": "keyword",
"aws.rds.db_instance.status": "keyword",
"aws.rds.deadlocks": "long",
"aws.rds.disk_queue_depth": "float",
"aws.rds.disk_usage.bin_log.bytes": "long",
"aws.rds.disk_usage.replication_slot.mb": "long",
"aws.rds.disk_usage.transaction_logs.mb": "long",
"aws.rds.engine_uptime.sec": "long",
"aws.rds.failed_sql_server_agent_jobs": "long",
"aws.rds.free_local_storage.bytes": "long",
"aws.rds.free_storage.bytes": "long",
"aws.rds.freeable_memory.bytes": "long",
"aws.rds.latency.commit": "float",
"aws.rds.latency.ddl": "float",
"aws.rds.latency.delete": "float",
"aws.rds.latency.dml": "float",
"aws.rds.latency.insert": "float",
"aws.rds.latency.read": "float",
"aws.rds.latency.select": "float",
"aws.rds.latency.update": "float",
"aws.rds.latency.write": "float",
"aws.rds.login_failures": "long",
"aws.rds.maximum_used_transaction_ids": "long",
"aws.rds.oldest_replication_slot_lag.mb": "long",
"aws.rds.queries": "long",
"aws.rds.rds_to_aurora_postgresql_replica_lag.sec": "long",
"aws.rds.read_io.ops_per_sec": "float",
"aws.rds.replica_lag.sec": "long",
"aws.rds.storage_used.backup_retention_period.bytes": "long",
"aws.rds.storage_used.snapshot.bytes": "long",
"aws.rds.swap_usage.bytes": "long",
"aws.rds.throughput.commit": "float",
"aws.rds.throughput.ddl": "float",
"aws.rds.throughput.delete": "float",
"aws.rds.throughput.dml": "float",
"aws.rds.throughput.insert": "float",
"aws.rds.throughput.network": "float",
"aws.rds.throughput.network_receive": "float",
"aws.rds.throughput.network_transmit": "float",
"aws.rds.throughput.read": "float",
"aws.rds.throughput.select": "float",
"aws.rds.throughput.update": "float",
"aws.rds.throughput.write": "float",
"aws.rds.transaction_logs_generation": "long",
"aws.rds.transactions.active": "long",
"aws.rds.transactions.blocked": "long",
"aws.rds.volume.read.iops": "long",
"aws.rds.volume.write.iops": "long",
"aws.rds.volume_used.bytes": "long",
"aws.rds.write_io.ops_per_sec": "float",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"s3_daily_storage": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.dimensions.*": "object",
"aws.dimensions.BucketName": "keyword",
"aws.dimensions.FilterId": "keyword",
"aws.dimensions.StorageType": "keyword",
"aws.s3.bucket.name": "keyword",
"aws.s3_daily_storage.bucket.size.bytes": "long",
"aws.s3_daily_storage.number_of_objects": "long",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"s3_request": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.dimensions.*": "object",
"aws.dimensions.BucketName": "keyword",
"aws.dimensions.FilterId": "keyword",
"aws.dimensions.StorageType": "keyword",
"aws.s3.bucket.name": "keyword",
"aws.s3_request.downloaded.bytes": "long",
"aws.s3_request.errors.4xx": "long",
"aws.s3_request.errors.5xx": "long",
"aws.s3_request.latency.first_byte.ms": "long",
"aws.s3_request.latency.total_request.ms": "long",
"aws.s3_request.requests.delete": "long",
"aws.s3_request.requests.get": "long",
"aws.s3_request.requests.head": "long",
"aws.s3_request.requests.list": "long",
"aws.s3_request.requests.post": "long",
"aws.s3_request.requests.put": "long",
"aws.s3_request.requests.select": "long",
"aws.s3_request.requests.select_returned.bytes": "long",
"aws.s3_request.requests.select_scanned.bytes": "long",
"aws.s3_request.requests.total": "long",
"aws.s3_request.uploaded.bytes": "long",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"s3access": {
"@timestamp": "date",
"aws.s3access.authentication_type": "keyword",
"aws.s3access.bucket": "keyword",
"aws.s3access.bucket_owner": "keyword",
"aws.s3access.bytes_sent": "long",
"aws.s3access.cipher_suite": "keyword",
"aws.s3access.error_code": "keyword",
"aws.s3access.host_header": "keyword",
"aws.s3access.host_id": "keyword",
"aws.s3access.http_status": "long",
"aws.s3access.key": "keyword",
"aws.s3access.object_size": "long",
"aws.s3access.operation": "keyword",
"aws.s3access.referrer": "keyword",
"aws.s3access.remote_ip": "ip",
"aws.s3access.request_id": "keyword",
"aws.s3access.request_uri": "keyword",
"aws.s3access.requester": "keyword",
"aws.s3access.signature_version": "keyword",
"aws.s3access.tls_version": "keyword",
"aws.s3access.total_time": "long",
"aws.s3access.turn_around_time": "long",
"aws.s3access.user_agent": "keyword",
"aws.s3access.version_id": "keyword",
"client.address": "keyword",
"client.ip": "ip",
"client.user.id": "keyword",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "text",
"event.action": "keyword",
"event.code": "keyword",
"event.dataset": "constant_keyword",
"event.duration": "long",
"event.id": "keyword",
"event.kind": "keyword",
"event.module": "constant_keyword",
"event.outcome": "keyword",
"geo.city_name": "keyword",
"geo.continent_name": "keyword",
"geo.country_iso_code": "keyword",
"geo.country_name": "keyword",
"geo.location": "geo_point",
"geo.region_iso_code": "keyword",
"geo.region_name": "keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.body.bytes": "long",
"http.response.status_code": "long",
"http.version": "keyword",
"related.ip": "ip",
"related.user": "keyword",
"tags": "keyword",
"tls.cipher": "keyword",
"tls.version": "keyword",
"tls.version_protocol": "keyword",
"url.domain": "keyword",
"url.extension": "keyword",
"url.original": "keyword",
"url.path": "keyword",
"url.query": "keyword",
"url.scheme": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"sns": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.Application": "keyword",
"aws.dimensions.Application,Platform": "keyword",
"aws.dimensions.Country": "keyword",
"aws.dimensions.Platform": "keyword",
"aws.dimensions.SMSType": "keyword",
"aws.dimensions.TopicName": "keyword",
"aws.s3.bucket.name": "keyword",
"aws.sns.metrics.NumberOfMessagesPublished.sum": "long",
"aws.sns.metrics.NumberOfNotificationsDelivered.sum": "long",
"aws.sns.metrics.NumberOfNotificationsFailed.sum": "long",
"aws.sns.metrics.NumberOfNotificationsFailedToRedriveToDlq.sum": "long",
"aws.sns.metrics.NumberOfNotificationsFilteredOut-InvalidAttributes.sum": "long",
"aws.sns.metrics.NumberOfNotificationsFilteredOut-NoMessageAttributes.sum": "long",
"aws.sns.metrics.NumberOfNotificationsFilteredOut.sum": "long",
"aws.sns.metrics.NumberOfNotificationsRedrivenToDlq.sum": "long",
"aws.sns.metrics.PublishSize.avg": "double",
"aws.sns.metrics.SMSMonthToDateSpentUSD.sum": "long",
"aws.sns.metrics.SMSSuccessRate.avg": "double",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"sqs": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.QueueName": "keyword",
"aws.s3.bucket.name": "keyword",
"aws.sqs.empty_receives": "long",
"aws.sqs.messages.delayed": "long",
"aws.sqs.messages.deleted": "long",
"aws.sqs.messages.not_visible": "long",
"aws.sqs.messages.received": "long",
"aws.sqs.messages.sent": "long",
"aws.sqs.messages.visible": "long",
"aws.sqs.oldest_message_age.sec": "long",
"aws.sqs.queue.name": "keyword",
"aws.sqs.sent_message_size.bytes": "long",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"transitgateway": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.TransitGateway": "keyword",
"aws.dimensions.TransitGatewayAttachment": "keyword",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"aws.transitgateway.metrics.BytesIn.sum": "long",
"aws.transitgateway.metrics.BytesOut.sum": "long",
"aws.transitgateway.metrics.PacketDropCountBlackhole.sum": "long",
"aws.transitgateway.metrics.PacketDropCountNoRoute.sum": "long",
"aws.transitgateway.metrics.PacketsIn.sum": "long",
"aws.transitgateway.metrics.PacketsOut.sum": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"usage": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.Class": "keyword",
"aws.dimensions.Resource": "keyword",
"aws.dimensions.Service": "keyword",
"aws.dimensions.Type": "keyword",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"aws.usage.metrics.CallCount.sum": "long",
"aws.usage.metrics.ResourceCount.sum": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"vpcflow": {
"@timestamp": "date",
"aws.vpcflow.account_id": "keyword",
"aws.vpcflow.action": "keyword",
"aws.vpcflow.instance_id": "keyword",
"aws.vpcflow.interface_id": "keyword",
"aws.vpcflow.log_status": "keyword",
"aws.vpcflow.pkt_dstaddr": "ip",
"aws.vpcflow.pkt_srcaddr": "ip",
"aws.vpcflow.subnet_id": "keyword",
"aws.vpcflow.tcp_flags": "keyword",
"aws.vpcflow.tcp_flags_array": "keyword",
"aws.vpcflow.type": "keyword",
"aws.vpcflow.version": "keyword",
"aws.vpcflow.vpc_id": "keyword",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.as.number": "long",
"destination.as.organization.name": "keyword",
"destination.geo.city_name": "keyword",
"destination.geo.continent_name": "keyword",
"destination.geo.country_iso_code": "keyword",
"destination.geo.country_name": "keyword",
"destination.geo.location": "geo_point",
"destination.geo.region_iso_code": "keyword",
"destination.geo.region_name": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"error.message": "text",
"event.category": "keyword",
"event.dataset": "constant_keyword",
"event.end": "date",
"event.kind": "keyword",
"event.module": "constant_keyword",
"event.original": "keyword",
"event.outcome": "keyword",
"event.start": "date",
"event.type": "keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"network.bytes": "long",
"network.community_id": "keyword",
"network.iana_number": "keyword",
"network.packets": "long",
"network.transport": "keyword",
"network.type": "keyword",
"related.ip": "ip",
"source.address": "keyword",
"source.as.number": "long",
"source.as.organization.name": "keyword",
"source.bytes": "long",
"source.geo.city_name": "keyword",
"source.geo.continent_name": "keyword",
"source.geo.country_iso_code": "keyword",
"source.geo.country_name": "keyword",
"source.geo.location": "geo_point",
"source.geo.region_iso_code": "keyword",
"source.geo.region_name": "keyword",
"source.ip": "ip",
"source.packets": "long",
"source.port": "long",
"tags": "keyword"
},
"vpn": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.TunnelIpAddress": "keyword",
"aws.dimensions.VpnId": "keyword",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"aws.vpn.metrics.TunnelDataIn.sum": "double",
"aws.vpn.metrics.TunnelDataOut.sum": "double",
"aws.vpn.metrics.TunnelState.avg": "double",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
}
},
"1.10.2": {
"billing": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.billing.AmortizedCost.amount": "double",
"aws.billing.AmortizedCost.unit": "keyword",
"aws.billing.BlendedCost.amount": "double",
"aws.billing.BlendedCost.unit": "keyword",
"aws.billing.Currency": "keyword",
"aws.billing.EstimatedCharges": "long",
"aws.billing.NormalizedUsageAmount.amount": "double",
"aws.billing.NormalizedUsageAmount.unit": "keyword",
"aws.billing.ServiceName": "keyword",
"aws.billing.UnblendedCost.amount": "double",
"aws.billing.UnblendedCost.unit": "keyword",
"aws.billing.UsageQuantity.amount": "double",
"aws.billing.UsageQuantity.unit": "keyword",
"aws.billing.end_date": "keyword",
"aws.billing.group_by": "object",
"aws.billing.group_definition.key": "keyword",
"aws.billing.group_definition.type": "keyword",
"aws.billing.start_date": "keyword",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.linked_account.id": "keyword",
"aws.linked_account.name": "keyword",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"cloudtrail": {
"@timestamp": "date",
"aws.cloudtrail.additional_eventdata": "keyword",
"aws.cloudtrail.api_version": "keyword",
"aws.cloudtrail.console_login.additional_eventdata.login_to": "keyword",
"aws.cloudtrail.console_login.additional_eventdata.mfa_used": "boolean",
"aws.cloudtrail.console_login.additional_eventdata.mobile_version": "boolean",
"aws.cloudtrail.error_code": "keyword",
"aws.cloudtrail.error_message": "keyword",
"aws.cloudtrail.event_category": "keyword",
"aws.cloudtrail.event_type": "keyword",
"aws.cloudtrail.event_version": "keyword",
"aws.cloudtrail.flattened.additional_eventdata": "flattened",
"aws.cloudtrail.flattened.digest": "flattened",
"aws.cloudtrail.flattened.insight_details": "flattened",
"aws.cloudtrail.flattened.request_parameters": "flattened",
"aws.cloudtrail.flattened.response_elements": "flattened",
"aws.cloudtrail.flattened.service_event_details": "flattened",
"aws.cloudtrail.management_event": "keyword",
"aws.cloudtrail.read_only": "boolean",
"aws.cloudtrail.recipient_account_id": "keyword",
"aws.cloudtrail.request_id": "keyword",
"aws.cloudtrail.request_parameters": "keyword",
"aws.cloudtrail.resources.account_id": "keyword",
"aws.cloudtrail.resources.arn": "keyword",
"aws.cloudtrail.resources.type": "keyword",
"aws.cloudtrail.response_elements": "keyword",
"aws.cloudtrail.service_event_details": "keyword",
"aws.cloudtrail.shared_event_id": "keyword",
"aws.cloudtrail.user_identity.access_key_id": "keyword",
"aws.cloudtrail.user_identity.arn": "keyword",
"aws.cloudtrail.user_identity.invoked_by": "keyword",
"aws.cloudtrail.user_identity.session_context.creation_date": "date",
"aws.cloudtrail.user_identity.session_context.mfa_authenticated": "keyword",
"aws.cloudtrail.user_identity.session_context.session_issuer.account_id": "keyword",
"aws.cloudtrail.user_identity.session_context.session_issuer.arn": "keyword",
"aws.cloudtrail.user_identity.session_context.session_issuer.principal_id": "keyword",
"aws.cloudtrail.user_identity.session_context.session_issuer.type": "keyword",
"aws.cloudtrail.user_identity.type": "keyword",
"aws.cloudtrail.vpc_endpoint_id": "keyword",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "match_only_text",
"event.action": "keyword",
"event.created": "date",
"event.dataset": "constant_keyword",
"event.ingested": "date",
"event.kind": "keyword",
"event.module": "constant_keyword",
"event.original": "keyword",
"event.provider": "keyword",
"event.type": "keyword",
"file.hash.md5": "keyword",
"file.hash.sha1": "keyword",
"file.hash.sha256": "keyword",
"file.hash.sha512": "keyword",
"file.path": "keyword",
"group.id": "keyword",
"group.name": "keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"related.hash": "keyword",
"related.user": "keyword",
"source.address": "keyword",
"source.as.number": "long",
"source.as.organization.name": "keyword",
"source.geo.city_name": "keyword",
"source.geo.continent_name": "keyword",
"source.geo.country_iso_code": "keyword",
"source.geo.country_name": "keyword",
"source.geo.location": "geo_point",
"source.geo.region_iso_code": "keyword",
"source.geo.region_name": "keyword",
"source.ip": "ip",
"tags": "keyword",
"user.changes.name": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user.target.id": "keyword",
"user.target.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"cloudwatch_logs": {
"@timestamp": "date",
"aws.cloudwatch.message": "text",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "match_only_text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"tags": "keyword"
},
"cloudwatch_metrics": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"dynamodb": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dynamodb.metrics.AccountMaxReads.max": "long",
"aws.dynamodb.metrics.AccountMaxTableLevelReads.max": "long",
"aws.dynamodb.metrics.AccountMaxTableLevelWrites.max": "long",
"aws.dynamodb.metrics.AccountMaxWrites.max": "long",
"aws.dynamodb.metrics.AccountProvisionedReadCapacityUtilization.avg": "double",
"aws.dynamodb.metrics.AccountProvisionedWriteCapacityUtilization.avg": "double",
"aws.dynamodb.metrics.ConditionalCheckFailedRequests.sum": "long",
"aws.dynamodb.metrics.ConsumedReadCapacityUnits.avg": "double",
"aws.dynamodb.metrics.ConsumedReadCapacityUnits.sum": "long",
"aws.dynamodb.metrics.ConsumedWriteCapacityUnits.avg": "double",
"aws.dynamodb.metrics.ConsumedWriteCapacityUnits.sum": "long",
"aws.dynamodb.metrics.MaxProvisionedTableReadCapacityUtilization.max": "double",
"aws.dynamodb.metrics.MaxProvisionedTableWriteCapacityUtilization.max": "double",
"aws.dynamodb.metrics.OnlineIndexPercentageProgress.avg": "double",
"aws.dynamodb.metrics.PendingReplicationCount.sum": "long",
"aws.dynamodb.metrics.ProvisionedReadCapacityUnits.avg": "double",
"aws.dynamodb.metrics.ProvisionedWriteCapacityUnits.avg": "double",
"aws.dynamodb.metrics.ReadThrottleEvents.sum": "long",
"aws.dynamodb.metrics.ReplicationLatency.avg": "double",
"aws.dynamodb.metrics.ReplicationLatency.max": "double",
"aws.dynamodb.metrics.SuccessfulRequestLatency.avg": "double",
"aws.dynamodb.metrics.SuccessfulRequestLatency.max": "double",
"aws.dynamodb.metrics.SystemErrors.sum": "long",
"aws.dynamodb.metrics.ThrottledRequests.sum": "long",
"aws.dynamodb.metrics.TransactionConflict.avg": "double",
"aws.dynamodb.metrics.TransactionConflict.sum": "long",
"aws.dynamodb.metrics.WriteThrottleEvents.sum": "long",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"ebs": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.VolumeId": "keyword",
"aws.ebs.metrics.BurstBalance.avg": "double",
"aws.ebs.metrics.VolumeConsumedReadWriteOps.avg": "double",
"aws.ebs.metrics.VolumeIdleTime.sum": "double",
"aws.ebs.metrics.VolumeQueueLength.avg": "double",
"aws.ebs.metrics.VolumeReadBytes.avg": "double",
"aws.ebs.metrics.VolumeReadOps.avg": "double",
"aws.ebs.metrics.VolumeThroughputPercentage.avg": "double",
"aws.ebs.metrics.VolumeTotalReadTime.sum": "double",
"aws.ebs.metrics.VolumeTotalWriteTime.sum": "double",
"aws.ebs.metrics.VolumeWriteBytes.avg": "double",
"aws.ebs.metrics.VolumeWriteOps.avg": "double",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"ec2_logs": {
"@timestamp": "date",
"aws.ec2.ip_address": "keyword",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "match_only_text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"message": "match_only_text",
"process.name": "keyword",
"tags": "keyword"
},
"ec2_metrics": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.AutoScalingGroupName": "keyword",
"aws.dimensions.ImageId": "keyword",
"aws.dimensions.InstanceId": "keyword",
"aws.dimensions.InstanceType": "keyword",
"aws.ec2.cpu.credit_balance": "long",
"aws.ec2.cpu.credit_usage": "long",
"aws.ec2.cpu.surplus_credit_balance": "long",
"aws.ec2.cpu.surplus_credits_charged": "long",
"aws.ec2.cpu.total.pct": "scaled_float",
"aws.ec2.diskio.read.bytes": "long",
"aws.ec2.diskio.read.bytes_per_sec": "long",
"aws.ec2.diskio.read.count": "long",
"aws.ec2.diskio.read.count_per_sec": "long",
"aws.ec2.diskio.write.bytes": "long",
"aws.ec2.diskio.write.bytes_per_sec": "long",
"aws.ec2.diskio.write.count": "long",
"aws.ec2.diskio.write.count_per_sec": "long",
"aws.ec2.instance.core.count": "integer",
"aws.ec2.instance.image.id": "keyword",
"aws.ec2.instance.monitoring.state": "keyword",
"aws.ec2.instance.private.dns_name": "keyword",
"aws.ec2.instance.private.ip": "ip",
"aws.ec2.instance.public.dns_name": "keyword",
"aws.ec2.instance.public.ip": "ip",
"aws.ec2.instance.state.code": "integer",
"aws.ec2.instance.state.name": "keyword",
"aws.ec2.instance.threads_per_core": "integer",
"aws.ec2.network.in.bytes": "long",
"aws.ec2.network.in.bytes_per_sec": "long",
"aws.ec2.network.in.packets": "long",
"aws.ec2.network.in.packets_per_sec": "long",
"aws.ec2.network.out.bytes": "long",
"aws.ec2.network.out.bytes_per_sec": "long",
"aws.ec2.network.out.packets": "long",
"aws.ec2.network.out.packets_per_sec": "long",
"aws.ec2.status.check_failed": "long",
"aws.ec2.status.check_failed_instance": "long",
"aws.ec2.status.check_failed_system": "long",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.cpu.pct": "scaled_float",
"host.disk.read.bytes": "long",
"host.disk.write.bytes": "long",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.network.in.bytes": "long",
"host.network.in.packets": "long",
"host.network.out.bytes": "long",
"host.network.out.packets": "long",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"elb_logs": {
"@timestamp": "date",
"aws.elb.action_executed": "keyword",
"aws.elb.backend.http.response.status_code": "long",
"aws.elb.backend.ip": "keyword",
"aws.elb.backend.port": "keyword",
"aws.elb.backend_processing_time.sec": "float",
"aws.elb.chosen_cert.arn": "keyword",
"aws.elb.chosen_cert.serial": "keyword",
"aws.elb.classification": "keyword",
"aws.elb.classification_reason": "keyword",
"aws.elb.connection_time.ms": "long",
"aws.elb.error.reason": "keyword",
"aws.elb.incoming_tls_alert": "keyword",
"aws.elb.listener": "keyword",
"aws.elb.matched_rule_priority": "keyword",
"aws.elb.name": "keyword",
"aws.elb.protocol": "keyword",
"aws.elb.redirect_url": "keyword",
"aws.elb.request_processing_time.sec": "float",
"aws.elb.response_processing_time.sec": "float",
"aws.elb.ssl_cipher": "keyword",
"aws.elb.ssl_protocol": "keyword",
"aws.elb.target_group.arn": "keyword",
"aws.elb.target_port": "keyword",
"aws.elb.target_status_code": "keyword",
"aws.elb.tls_handshake_time.ms": "long",
"aws.elb.tls_named_group": "keyword",
"aws.elb.trace_id": "keyword",
"aws.elb.type": "keyword",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.bytes": "long",
"destination.domain": "keyword",
"ecs.version": "keyword",
"error.message": "match_only_text",
"event.category": "keyword",
"event.dataset": "constant_keyword",
"event.end": "date",
"event.kind": "keyword",
"event.module": "constant_keyword",
"event.outcome": "keyword",
"event.start": "date",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"http.request.body.bytes": "long",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.body.bytes": "long",
"http.response.status_code": "long",
"http.version": "keyword",
"source.as.number": "long",
"source.as.organization.name": "keyword",
"source.geo.city_name": "keyword",
"source.geo.continent_name": "keyword",
"source.geo.country_iso_code": "keyword",
"source.geo.location": "geo_point",
"source.geo.region_iso_code": "keyword",
"source.geo.region_name": "keyword",
"source.ip": "ip",
"source.port": "keyword",
"tags": "keyword",
"tracing.trace.id": "keyword",
"url.domain": "keyword",
"url.original": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.scheme": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.version": "keyword"
},
"elb_metrics": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.applicationelb.metrics.ActiveConnectionCount.sum": "long",
"aws.applicationelb.metrics.ClientTLSNegotiationErrorCount.sum": "long",
"aws.applicationelb.metrics.ConsumedLCUs.avg": "double",
"aws.applicationelb.metrics.HTTPCode_ELB_3XX_Count.sum": "long",
"aws.applicationelb.metrics.HTTPCode_ELB_4XX_Count.sum": "long",
"aws.applicationelb.metrics.HTTPCode_ELB_500_Count.sum": "long",
"aws.applicationelb.metrics.HTTPCode_ELB_502_Count.sum": "long",
"aws.applicationelb.metrics.HTTPCode_ELB_503_Count.sum": "long",
"aws.applicationelb.metrics.HTTPCode_ELB_504_Count.sum": "long",
"aws.applicationelb.metrics.HTTPCode_ELB_5XX_Count.sum": "long",
"aws.applicationelb.metrics.HTTP_Fixed_Response_Count.sum": "long",
"aws.applicationelb.metrics.HTTP_Redirect_Count.sum": "long",
"aws.applicationelb.metrics.HTTP_Redirect_Url_Limit_Exceeded_Count.sum": "long",
"aws.applicationelb.metrics.IPv6ProcessedBytes.sum": "long",
"aws.applicationelb.metrics.IPv6RequestCount.sum": "long",
"aws.applicationelb.metrics.NewConnectionCount.sum": "long",
"aws.applicationelb.metrics.ProcessedBytes.sum": "long",
"aws.applicationelb.metrics.RejectedConnectionCount.sum": "long",
"aws.applicationelb.metrics.RequestCount.sum": "long",
"aws.applicationelb.metrics.RuleEvaluations.sum": "long",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.AvailabilityZone": "keyword",
"aws.dimensions.LoadBalancer": "keyword",
"aws.dimensions.LoadBalancerName": "keyword",
"aws.dimensions.TargetGroup": "keyword",
"aws.elb.metrics.BackendConnectionErrors.sum": "long",
"aws.elb.metrics.EstimatedALBActiveConnectionCount.avg": "double",
"aws.elb.metrics.EstimatedALBConsumedLCUs.avg": "double",
"aws.elb.metrics.EstimatedALBNewConnectionCount.avg": "double",
"aws.elb.metrics.EstimatedProcessedBytes.avg": "double",
"aws.elb.metrics.HTTPCode_Backend_2XX.sum": "long",
"aws.elb.metrics.HTTPCode_Backend_3XX.sum": "long",
"aws.elb.metrics.HTTPCode_Backend_4XX.sum": "long",
"aws.elb.metrics.HTTPCode_Backend_5XX.sum": "long",
"aws.elb.metrics.HTTPCode_ELB_4XX.sum": "long",
"aws.elb.metrics.HTTPCode_ELB_5XX.sum": "long",
"aws.elb.metrics.HealthyHostCount.max": "long",
"aws.elb.metrics.Latency.avg": "double",
"aws.elb.metrics.RequestCount.sum": "long",
"aws.elb.metrics.SpilloverCount.sum": "long",
"aws.elb.metrics.SurgeQueueLength.max": "long",
"aws.elb.metrics.UnHealthyHostCount.max": "long",
"aws.networkelb.metrics.ActiveFlowCount.avg": "double",
"aws.networkelb.metrics.ActiveFlowCount_TCP.avg": "double",
"aws.networkelb.metrics.ActiveFlowCount_TLS.avg": "double",
"aws.networkelb.metrics.ActiveFlowCount_UDP.avg": "double",
"aws.networkelb.metrics.ClientTLSNegotiationErrorCount.sum": "long",
"aws.networkelb.metrics.ConsumedLCUs.avg": "double",
"aws.networkelb.metrics.HealthyHostCount.max": "long",
"aws.networkelb.metrics.NewFlowCount.sum": "long",
"aws.networkelb.metrics.NewFlowCount_TLS.sum": "long",
"aws.networkelb.metrics.ProcessedBytes.sum": "long",
"aws.networkelb.metrics.ProcessedBytes_TLS.sum": "long",
"aws.networkelb.metrics.TCP_Client_Reset_Count.sum": "long",
"aws.networkelb.metrics.TCP_ELB_Reset_Count.sum": "long",
"aws.networkelb.metrics.TCP_Target_Reset_Count.sum": "long",
"aws.networkelb.metrics.TargetTLSNegotiationErrorCount.sum": "long",
"aws.networkelb.metrics.UnHealthyHostCount.max": "long",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"firewall_logs": {
"@timestamp": "date",
"aws.firewall.flow.age": "long",
"aws.firewall.flow.bytes": "long",
"aws.firewall.flow.end": "date",
"aws.firewall.flow.id": "keyword",
"aws.firewall.flow.max_ttl": "short",
"aws.firewall.flow.min_ttl": "short",
"aws.firewall.flow.pkts": "long",
"aws.firewall.flow.start": "date",
"aws.firewall.tcp_flags": "keyword",
"aws.firewall.tcp_flags_array": "keyword",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.as.number": "long",
"destination.as.organization.name": "keyword",
"destination.bytes": "long",
"destination.domain": "keyword",
"destination.geo.city_name": "keyword",
"destination.geo.continent_name": "keyword",
"destination.geo.country_iso_code": "keyword",
"destination.geo.country_name": "keyword",
"destination.geo.location": "geo_point",
"destination.geo.name": "keyword",
"destination.geo.region_iso_code": "keyword",
"destination.geo.region_name": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"error.message": "match_only_text",
"event.action": "keyword",
"event.category": "keyword",
"event.created": "date",
"event.dataset": "constant_keyword",
"event.ingested": "date",
"event.kind": "keyword",
"event.module": "constant_keyword",
"event.original": "keyword",
"event.provider": "keyword",
"event.type": "keyword",
"group.id": "keyword",
"group.name": "keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"http.request.method": "keyword",
"http.version": "keyword",
"message": "match_only_text",
"network.community_id": "keyword",
"network.protocol": "keyword",
"network.transport": "keyword",
"network.type": "keyword",
"observer.name": "keyword",
"observer.product": "keyword",
"observer.type": "keyword",
"observer.vendor": "keyword",
"related.hosts": "keyword",
"related.ip": "ip",
"rule.category": "keyword",
"rule.id": "keyword",
"rule.name": "keyword",
"source.address": "keyword",
"source.as.number": "long",
"source.as.organization.name": "keyword",
"source.geo.city_name": "keyword",
"source.geo.continent_name": "keyword",
"source.geo.country_iso_code": "keyword",
"source.geo.country_name": "keyword",
"source.geo.location": "geo_point",
"source.geo.region_iso_code": "keyword",
"source.geo.region_name": "keyword",
"source.ip": "ip",
"source.port": "long",
"tags": "keyword",
"url.domain": "keyword",
"url.original": "wildcard",
"url.path": "wildcard",
"url.scheme": "keyword",
"user.changes.name": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user.target.id": "keyword",
"user.target.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"firewall_metrics": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.AvailabilityZone": "keyword",
"aws.dimensions.CustomAction": "keyword",
"aws.dimensions.Engine": "keyword",
"aws.dimensions.FirewallName": "keyword",
"aws.networkfirewall.DroppedPackets.sum": "long",
"aws.networkfirewall.Packets.sum": "long",
"aws.networkfirewall.PassedPackets.sum": "long",
"aws.networkfirewall.ReceivedPackets.sum": "long",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"lambda": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.ExecutedVersion": "keyword",
"aws.dimensions.FunctionName": "keyword",
"aws.dimensions.Resource": "keyword",
"aws.lambda.metrics.ConcurrentExecutions.avg": "double",
"aws.lambda.metrics.DeadLetterErrors.avg": "double",
"aws.lambda.metrics.DestinationDeliveryFailures.avg": "double",
"aws.lambda.metrics.Duration.avg": "double",
"aws.lambda.metrics.Errors.avg": "double",
"aws.lambda.metrics.Invocations.avg": "double",
"aws.lambda.metrics.IteratorAge.avg": "double",
"aws.lambda.metrics.ProvisionedConcurrencyInvocations.sum": "long",
"aws.lambda.metrics.ProvisionedConcurrencySpilloverInvocations.sum": "long",
"aws.lambda.metrics.ProvisionedConcurrencyUtilization.max": "long",
"aws.lambda.metrics.ProvisionedConcurrentExecutions.max": "long",
"aws.lambda.metrics.Throttles.avg": "double",
"aws.lambda.metrics.UnreservedConcurrentExecutions.avg": "double",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"natgateway": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.NatGatewayId": "keyword",
"aws.natgateway.metrics.ActiveConnectionCount.max": "long",
"aws.natgateway.metrics.BytesInFromDestination.sum": "long",
"aws.natgateway.metrics.BytesInFromSource.sum": "long",
"aws.natgateway.metrics.BytesOutToDestination.sum": "long",
"aws.natgateway.metrics.BytesOutToSource.sum": "long",
"aws.natgateway.metrics.ConnectionAttemptCount.sum": "long",
"aws.natgateway.metrics.ConnectionEstablishedCount.sum": "long",
"aws.natgateway.metrics.ErrorPortAllocation.sum": "long",
"aws.natgateway.metrics.IdleTimeoutCount.sum": "long",
"aws.natgateway.metrics.PacketsDropCount.sum": "long",
"aws.natgateway.metrics.PacketsInFromDestination.sum": "long",
"aws.natgateway.metrics.PacketsInFromSource.sum": "long",
"aws.natgateway.metrics.PacketsOutToDestination.sum": "long",
"aws.natgateway.metrics.PacketsOutToSource.sum": "long",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"rds": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.DBClusterIdentifier": "keyword",
"aws.dimensions.DBClusterIdentifier,Role": "keyword",
"aws.dimensions.DBInstanceIdentifier": "keyword",
"aws.dimensions.DatabaseClass": "keyword",
"aws.dimensions.DbClusterIdentifier, EngineName": "keyword",
"aws.dimensions.EngineName": "keyword",
"aws.dimensions.SourceRegion": "keyword",
"aws.rds.aurora_bin_log_replica_lag": "long",
"aws.rds.aurora_global_db.data_transfer.bytes": "long",
"aws.rds.aurora_global_db.replicated_write_io.bytes": "long",
"aws.rds.aurora_global_db.replication_lag.ms": "long",
"aws.rds.aurora_replica.lag.ms": "long",
"aws.rds.aurora_replica.lag_max.ms": "long",
"aws.rds.aurora_replica.lag_min.ms": "long",
"aws.rds.aurora_volume_left_total.bytes": "long",
"aws.rds.backtrack_change_records.creation_rate": "long",
"aws.rds.backtrack_change_records.stored": "long",
"aws.rds.backtrack_window.actual": "long",
"aws.rds.backtrack_window.alert": "long",
"aws.rds.backup_storage_billed_total.bytes": "long",
"aws.rds.cache_hit_ratio.buffer": "long",
"aws.rds.cache_hit_ratio.result_set": "long",
"aws.rds.cpu.credit_balance": "long",
"aws.rds.cpu.credit_usage": "long",
"aws.rds.cpu.total.pct": "scaled_float",
"aws.rds.database_connections": "long",
"aws.rds.db_instance.arn": "keyword",
"aws.rds.db_instance.class": "keyword",
"aws.rds.db_instance.db_cluster_identifier": "keyword",
"aws.rds.db_instance.engine_name": "keyword",
"aws.rds.db_instance.identifier": "keyword",
"aws.rds.db_instance.role": "keyword",
"aws.rds.db_instance.status": "keyword",
"aws.rds.deadlocks": "long",
"aws.rds.disk_queue_depth": "float",
"aws.rds.disk_usage.bin_log.bytes": "long",
"aws.rds.disk_usage.replication_slot.mb": "long",
"aws.rds.disk_usage.transaction_logs.mb": "long",
"aws.rds.engine_uptime.sec": "long",
"aws.rds.failed_sql_server_agent_jobs": "long",
"aws.rds.free_local_storage.bytes": "long",
"aws.rds.free_storage.bytes": "long",
"aws.rds.freeable_memory.bytes": "long",
"aws.rds.latency.commit": "float",
"aws.rds.latency.ddl": "float",
"aws.rds.latency.delete": "float",
"aws.rds.latency.dml": "float",
"aws.rds.latency.insert": "float",
"aws.rds.latency.read": "float",
"aws.rds.latency.select": "float",
"aws.rds.latency.update": "float",
"aws.rds.latency.write": "float",
"aws.rds.login_failures": "long",
"aws.rds.maximum_used_transaction_ids": "long",
"aws.rds.oldest_replication_slot_lag.mb": "long",
"aws.rds.queries": "long",
"aws.rds.rds_to_aurora_postgresql_replica_lag.sec": "long",
"aws.rds.read_io.ops_per_sec": "float",
"aws.rds.replica_lag.sec": "long",
"aws.rds.storage_used.backup_retention_period.bytes": "long",
"aws.rds.storage_used.snapshot.bytes": "long",
"aws.rds.swap_usage.bytes": "long",
"aws.rds.throughput.commit": "float",
"aws.rds.throughput.ddl": "float",
"aws.rds.throughput.delete": "float",
"aws.rds.throughput.dml": "float",
"aws.rds.throughput.insert": "float",
"aws.rds.throughput.network": "float",
"aws.rds.throughput.network_receive": "float",
"aws.rds.throughput.network_transmit": "float",
"aws.rds.throughput.read": "float",
"aws.rds.throughput.select": "float",
"aws.rds.throughput.update": "float",
"aws.rds.throughput.write": "float",
"aws.rds.transaction_logs_generation": "long",
"aws.rds.transactions.active": "long",
"aws.rds.transactions.blocked": "long",
"aws.rds.volume.read.iops": "long",
"aws.rds.volume.write.iops": "long",
"aws.rds.volume_used.bytes": "long",
"aws.rds.write_io.ops_per_sec": "float",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"route53_public_logs": {
"@timestamp": "date",
"aws.route53.edge_location": "keyword",
"aws.route53.edns_client_subnet": "keyword",
"aws.route53.hosted_zone_id": "keyword",
"awscloudwatch.ingestion_time": "date",
"awscloudwatch.log_group": "keyword",
"awscloudwatch.log_stream": "keyword",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"dns.question.name": "keyword",
"dns.question.registered_domain": "keyword",
"dns.question.subdomain": "keyword",
"dns.question.top_level_domain": "keyword",
"dns.question.type": "keyword",
"dns.response_code": "keyword",
"ecs.version": "keyword",
"error.message": "match_only_text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"input.type": "keyword",
"log.file.path": "keyword",
"message": "match_only_text",
"network.iana_number": "keyword",
"network.protocol": "keyword",
"network.transport": "keyword",
"network.type": "keyword",
"related.hosts": "keyword",
"related.ip": "ip",
"source.address": "keyword",
"source.as.number": "long",
"source.as.organization.name": "keyword",
"source.geo.city_name": "keyword",
"source.geo.continent_name": "keyword",
"source.geo.country_iso_code": "keyword",
"source.geo.country_name": "keyword",
"source.geo.location": "geo_point",
"source.geo.region_iso_code": "keyword",
"source.geo.region_name": "keyword",
"source.ip": "ip",
"tags": "keyword"
},
"route53_resolver_logs": {
"@timestamp": "date",
"aws.instance_id": "keyword",
"aws.route53.firewall.action": "keyword",
"aws.route53.firewall.domain_list.id": "keyword",
"aws.route53.firewall.rule_group.id": "keyword",
"aws.vpc_id": "keyword",
"awscloudwatch.ingestion_time": "date",
"awscloudwatch.log_group": "keyword",
"awscloudwatch.log_stream": "keyword",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"dns.answers": "object",
"dns.question.class": "keyword",
"dns.question.name": "keyword",
"dns.question.registered_domain": "keyword",
"dns.question.subdomain": "keyword",
"dns.question.top_level_domain": "keyword",
"dns.question.type": "keyword",
"dns.response_code": "keyword",
"ecs.version": "keyword",
"error.message": "match_only_text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"input.type": "keyword",
"log.file.path": "keyword",
"message": "match_only_text",
"network.iana_number": "keyword",
"network.protocol": "keyword",
"network.transport": "keyword",
"network.type": "keyword",
"related.hosts": "keyword",
"related.ip": "ip",
"source.address": "keyword",
"source.as.number": "long",
"source.as.organization.name": "keyword",
"source.geo.city_name": "keyword",
"source.geo.continent_name": "keyword",
"source.geo.country_iso_code": "keyword",
"source.geo.country_name": "keyword",
"source.geo.location": "geo_point",
"source.geo.region_iso_code": "keyword",
"source.geo.region_name": "keyword",
"source.ip": "ip",
"source.port": "long",
"tags": "keyword"
},
"s3_daily_storage": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.dimensions.*": "object",
"aws.dimensions.BucketName": "keyword",
"aws.dimensions.FilterId": "keyword",
"aws.dimensions.StorageType": "keyword",
"aws.s3.bucket.name": "keyword",
"aws.s3_daily_storage.bucket.size.bytes": "long",
"aws.s3_daily_storage.number_of_objects": "long",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"s3_request": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.dimensions.*": "object",
"aws.dimensions.BucketName": "keyword",
"aws.dimensions.FilterId": "keyword",
"aws.dimensions.StorageType": "keyword",
"aws.s3.bucket.name": "keyword",
"aws.s3_request.downloaded.bytes": "long",
"aws.s3_request.errors.4xx": "long",
"aws.s3_request.errors.5xx": "long",
"aws.s3_request.latency.first_byte.ms": "long",
"aws.s3_request.latency.total_request.ms": "long",
"aws.s3_request.requests.delete": "long",
"aws.s3_request.requests.get": "long",
"aws.s3_request.requests.head": "long",
"aws.s3_request.requests.list": "long",
"aws.s3_request.requests.post": "long",
"aws.s3_request.requests.put": "long",
"aws.s3_request.requests.select": "long",
"aws.s3_request.requests.select_returned.bytes": "long",
"aws.s3_request.requests.select_scanned.bytes": "long",
"aws.s3_request.requests.total": "long",
"aws.s3_request.uploaded.bytes": "long",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"s3_storage_lens": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.s3.bucket.name": "keyword",
"aws.s3_storage_lens.metrics.4xxErrors.avg": "long",
"aws.s3_storage_lens.metrics.5xxErrors.avg": "long",
"aws.s3_storage_lens.metrics.AllRequests.avg": "long",
"aws.s3_storage_lens.metrics.BytesDownloaded.avg": "long",
"aws.s3_storage_lens.metrics.BytesUploaded.avg": "long",
"aws.s3_storage_lens.metrics.CurrentVersionObjectCount.avg": "long",
"aws.s3_storage_lens.metrics.CurrentVersionStorageBytes.avg": "long",
"aws.s3_storage_lens.metrics.DeleteMarkerObjectCount.avg": "long",
"aws.s3_storage_lens.metrics.DeleteRequests.avg": "long",
"aws.s3_storage_lens.metrics.EncryptedObjectCount.avg": "long",
"aws.s3_storage_lens.metrics.EncryptedStorageBytes.avg": "long",
"aws.s3_storage_lens.metrics.GetRequests.avg": "long",
"aws.s3_storage_lens.metrics.HeadRequests.avg": "long",
"aws.s3_storage_lens.metrics.IncompleteMultipartUploadObjectCount.avg": "long",
"aws.s3_storage_lens.metrics.IncompleteMultipartUploadStorageBytes.avg": "long",
"aws.s3_storage_lens.metrics.ListRequests.avg": "long",
"aws.s3_storage_lens.metrics.NonCurrentVersionObjectCount.avg": "long",
"aws.s3_storage_lens.metrics.NonCurrentVersionStorageBytes.avg": "long",
"aws.s3_storage_lens.metrics.ObjectCount.avg": "long",
"aws.s3_storage_lens.metrics.ObjectLockEnabledObjectCount.avg": "long",
"aws.s3_storage_lens.metrics.ObjectLockEnabledStorageBytes.avg": "long",
"aws.s3_storage_lens.metrics.PostRequests.avg": "long",
"aws.s3_storage_lens.metrics.PutRequests.avg": "long",
"aws.s3_storage_lens.metrics.ReplicatedObjectCount.avg": "long",
"aws.s3_storage_lens.metrics.ReplicatedStorageBytes.avg": "long",
"aws.s3_storage_lens.metrics.SelectRequests.avg": "long",
"aws.s3_storage_lens.metrics.SelectReturnedBytes.avg": "long",
"aws.s3_storage_lens.metrics.SelectScannedBytes.avg": "long",
"aws.s3_storage_lens.metrics.StorageBytes.avg": "long",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"s3access": {
"@timestamp": "date",
"aws.s3access.authentication_type": "keyword",
"aws.s3access.bucket": "keyword",
"aws.s3access.bucket_owner": "keyword",
"aws.s3access.bytes_sent": "long",
"aws.s3access.cipher_suite": "keyword",
"aws.s3access.error_code": "keyword",
"aws.s3access.host_header": "keyword",
"aws.s3access.host_id": "keyword",
"aws.s3access.http_status": "long",
"aws.s3access.key": "keyword",
"aws.s3access.object_size": "long",
"aws.s3access.operation": "keyword",
"aws.s3access.referrer": "keyword",
"aws.s3access.remote_ip": "ip",
"aws.s3access.request_id": "keyword",
"aws.s3access.request_uri": "keyword",
"aws.s3access.requester": "keyword",
"aws.s3access.signature_version": "keyword",
"aws.s3access.tls_version": "keyword",
"aws.s3access.total_time": "long",
"aws.s3access.turn_around_time": "long",
"aws.s3access.user_agent": "keyword",
"aws.s3access.version_id": "keyword",
"client.address": "keyword",
"client.ip": "ip",
"client.user.id": "keyword",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "match_only_text",
"event.action": "keyword",
"event.code": "keyword",
"event.dataset": "constant_keyword",
"event.duration": "long",
"event.id": "keyword",
"event.kind": "keyword",
"event.module": "constant_keyword",
"event.outcome": "keyword",
"geo.city_name": "keyword",
"geo.continent_name": "keyword",
"geo.country_iso_code": "keyword",
"geo.country_name": "keyword",
"geo.location": "geo_point",
"geo.region_iso_code": "keyword",
"geo.region_name": "keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.body.bytes": "long",
"http.response.status_code": "long",
"http.version": "keyword",
"related.ip": "ip",
"related.user": "keyword",
"tags": "keyword",
"tls.cipher": "keyword",
"tls.version": "keyword",
"tls.version_protocol": "keyword",
"url.domain": "keyword",
"url.extension": "keyword",
"url.original": "wildcard",
"url.path": "wildcard",
"url.query": "keyword",
"url.scheme": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"sns": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.Application": "keyword",
"aws.dimensions.Application,Platform": "keyword",
"aws.dimensions.Country": "keyword",
"aws.dimensions.Platform": "keyword",
"aws.dimensions.SMSType": "keyword",
"aws.dimensions.TopicName": "keyword",
"aws.s3.bucket.name": "keyword",
"aws.sns.metrics.NumberOfMessagesPublished.sum": "long",
"aws.sns.metrics.NumberOfNotificationsDelivered.sum": "long",
"aws.sns.metrics.NumberOfNotificationsFailed.sum": "long",
"aws.sns.metrics.NumberOfNotificationsFailedToRedriveToDlq.sum": "long",
"aws.sns.metrics.NumberOfNotificationsFilteredOut-InvalidAttributes.sum": "long",
"aws.sns.metrics.NumberOfNotificationsFilteredOut-NoMessageAttributes.sum": "long",
"aws.sns.metrics.NumberOfNotificationsFilteredOut.sum": "long",
"aws.sns.metrics.NumberOfNotificationsRedrivenToDlq.sum": "long",
"aws.sns.metrics.PublishSize.avg": "double",
"aws.sns.metrics.SMSMonthToDateSpentUSD.sum": "long",
"aws.sns.metrics.SMSSuccessRate.avg": "double",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"sqs": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.QueueName": "keyword",
"aws.s3.bucket.name": "keyword",
"aws.sqs.empty_receives": "long",
"aws.sqs.messages.delayed": "long",
"aws.sqs.messages.deleted": "long",
"aws.sqs.messages.not_visible": "long",
"aws.sqs.messages.received": "long",
"aws.sqs.messages.sent": "long",
"aws.sqs.messages.visible": "long",
"aws.sqs.oldest_message_age.sec": "long",
"aws.sqs.queue.name": "keyword",
"aws.sqs.sent_message_size.bytes": "long",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"transitgateway": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.TransitGateway": "keyword",
"aws.dimensions.TransitGatewayAttachment": "keyword",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"aws.transitgateway.metrics.BytesIn.sum": "long",
"aws.transitgateway.metrics.BytesOut.sum": "long",
"aws.transitgateway.metrics.PacketDropCountBlackhole.sum": "long",
"aws.transitgateway.metrics.PacketDropCountNoRoute.sum": "long",
"aws.transitgateway.metrics.PacketsIn.sum": "long",
"aws.transitgateway.metrics.PacketsOut.sum": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"usage": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.Class": "keyword",
"aws.dimensions.Resource": "keyword",
"aws.dimensions.Service": "keyword",
"aws.dimensions.Type": "keyword",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"aws.usage.metrics.CallCount.sum": "long",
"aws.usage.metrics.ResourceCount.sum": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"vpcflow": {
"@timestamp": "date",
"aws.vpcflow.account_id": "keyword",
"aws.vpcflow.action": "keyword",
"aws.vpcflow.instance_id": "keyword",
"aws.vpcflow.interface_id": "keyword",
"aws.vpcflow.log_status": "keyword",
"aws.vpcflow.pkt_dstaddr": "ip",
"aws.vpcflow.pkt_srcaddr": "ip",
"aws.vpcflow.subnet_id": "keyword",
"aws.vpcflow.tcp_flags": "keyword",
"aws.vpcflow.tcp_flags_array": "keyword",
"aws.vpcflow.type": "keyword",
"aws.vpcflow.version": "keyword",
"aws.vpcflow.vpc_id": "keyword",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.as.number": "long",
"destination.as.organization.name": "keyword",
"destination.geo.city_name": "keyword",
"destination.geo.continent_name": "keyword",
"destination.geo.country_iso_code": "keyword",
"destination.geo.country_name": "keyword",
"destination.geo.location": "geo_point",
"destination.geo.region_iso_code": "keyword",
"destination.geo.region_name": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"error.message": "match_only_text",
"event.category": "keyword",
"event.dataset": "constant_keyword",
"event.end": "date",
"event.kind": "keyword",
"event.module": "constant_keyword",
"event.original": "keyword",
"event.outcome": "keyword",
"event.start": "date",
"event.type": "keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"network.bytes": "long",
"network.community_id": "keyword",
"network.iana_number": "keyword",
"network.packets": "long",
"network.transport": "keyword",
"network.type": "keyword",
"related.ip": "ip",
"source.address": "keyword",
"source.as.number": "long",
"source.as.organization.name": "keyword",
"source.bytes": "long",
"source.geo.city_name": "keyword",
"source.geo.continent_name": "keyword",
"source.geo.country_iso_code": "keyword",
"source.geo.country_name": "keyword",
"source.geo.location": "geo_point",
"source.geo.region_iso_code": "keyword",
"source.geo.region_name": "keyword",
"source.ip": "ip",
"source.packets": "long",
"source.port": "long",
"tags": "keyword"
},
"vpn": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.TunnelIpAddress": "keyword",
"aws.dimensions.VpnId": "keyword",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"aws.vpn.metrics.TunnelDataIn.sum": "double",
"aws.vpn.metrics.TunnelDataOut.sum": "double",
"aws.vpn.metrics.TunnelState.avg": "double",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"waf": {
"@timestamp": "date",
"aws.waf.arn": "keyword",
"aws.waf.id": "keyword",
"aws.waf.non_terminating_matching_rules": "nested",
"aws.waf.rate_based_rule_list": "nested",
"aws.waf.request.headers": "flattened",
"aws.waf.rule_group_list": "nested",
"aws.waf.source.id": "keyword",
"aws.waf.source.name": "keyword",
"aws.waf.terminating_rule_match_details": "nested",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "match_only_text",
"event.action": "keyword",
"event.dataset": "constant_keyword",
"event.id": "keyword",
"event.kind": "keyword",
"event.module": "constant_keyword",
"event.outcome": "keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"http.request.id": "keyword",
"http.request.method": "keyword",
"http.version": "keyword",
"network.protocol": "keyword",
"network.transport": "keyword",
"related.ip": "ip",
"rule.id": "keyword",
"rule.ruleset": "keyword",
"source.address": "keyword",
"source.as.number": "long",
"source.as.organization.name": "keyword",
"source.geo.city_name": "keyword",
"source.geo.continent_name": "keyword",
"source.geo.country_iso_code": "keyword",
"source.geo.country_name": "keyword",
"source.geo.location": "geo_point",
"source.geo.region_iso_code": "keyword",
"source.geo.region_name": "keyword",
"source.ip": "ip",
"tags": "keyword",
"url.path": "wildcard",
"url.query": "keyword"
}
},
"1.11.0": {
"billing": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.billing.AmortizedCost.amount": "double",
"aws.billing.AmortizedCost.unit": "keyword",
"aws.billing.BlendedCost.amount": "double",
"aws.billing.BlendedCost.unit": "keyword",
"aws.billing.Currency": "keyword",
"aws.billing.EstimatedCharges": "long",
"aws.billing.NormalizedUsageAmount.amount": "double",
"aws.billing.NormalizedUsageAmount.unit": "keyword",
"aws.billing.ServiceName": "keyword",
"aws.billing.UnblendedCost.amount": "double",
"aws.billing.UnblendedCost.unit": "keyword",
"aws.billing.UsageQuantity.amount": "double",
"aws.billing.UsageQuantity.unit": "keyword",
"aws.billing.end_date": "keyword",
"aws.billing.group_by": "object",
"aws.billing.group_definition.key": "keyword",
"aws.billing.group_definition.type": "keyword",
"aws.billing.start_date": "keyword",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.linked_account.id": "keyword",
"aws.linked_account.name": "keyword",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.account.name": "keyword",
"cloud.origin.availability_zone": "keyword",
"cloud.origin.instance.id": "keyword",
"cloud.origin.instance.name": "keyword",
"cloud.origin.machine.type": "keyword",
"cloud.origin.project.id": "keyword",
"cloud.origin.project.name": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"cloud.target.account.id": "keyword",
"cloud.target.account.name": "keyword",
"cloud.target.availability_zone": "keyword",
"cloud.target.instance.id": "keyword",
"cloud.target.instance.name": "keyword",
"cloud.target.machine.type": "keyword",
"cloud.target.project.id": "keyword",
"cloud.target.project.name": "keyword",
"cloud.target.provider": "keyword",
"cloud.target.region": "keyword",
"cloud.target.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"cloudtrail": {
"@timestamp": "date",
"aws.cloudtrail.additional_eventdata": "keyword",
"aws.cloudtrail.api_version": "keyword",
"aws.cloudtrail.console_login.additional_eventdata.login_to": "keyword",
"aws.cloudtrail.console_login.additional_eventdata.mfa_used": "boolean",
"aws.cloudtrail.console_login.additional_eventdata.mobile_version": "boolean",
"aws.cloudtrail.error_code": "keyword",
"aws.cloudtrail.error_message": "keyword",
"aws.cloudtrail.event_category": "keyword",
"aws.cloudtrail.event_type": "keyword",
"aws.cloudtrail.event_version": "keyword",
"aws.cloudtrail.flattened.additional_eventdata": "flattened",
"aws.cloudtrail.flattened.digest": "flattened",
"aws.cloudtrail.flattened.insight_details": "flattened",
"aws.cloudtrail.flattened.request_parameters": "flattened",
"aws.cloudtrail.flattened.response_elements": "flattened",
"aws.cloudtrail.flattened.service_event_details": "flattened",
"aws.cloudtrail.management_event": "keyword",
"aws.cloudtrail.read_only": "boolean",
"aws.cloudtrail.recipient_account_id": "keyword",
"aws.cloudtrail.request_id": "keyword",
"aws.cloudtrail.request_parameters": "keyword",
"aws.cloudtrail.resources.account_id": "keyword",
"aws.cloudtrail.resources.arn": "keyword",
"aws.cloudtrail.resources.type": "keyword",
"aws.cloudtrail.response_elements": "keyword",
"aws.cloudtrail.service_event_details": "keyword",
"aws.cloudtrail.shared_event_id": "keyword",
"aws.cloudtrail.user_identity.access_key_id": "keyword",
"aws.cloudtrail.user_identity.arn": "keyword",
"aws.cloudtrail.user_identity.invoked_by": "keyword",
"aws.cloudtrail.user_identity.session_context.creation_date": "date",
"aws.cloudtrail.user_identity.session_context.mfa_authenticated": "keyword",
"aws.cloudtrail.user_identity.session_context.session_issuer.account_id": "keyword",
"aws.cloudtrail.user_identity.session_context.session_issuer.arn": "keyword",
"aws.cloudtrail.user_identity.session_context.session_issuer.principal_id": "keyword",
"aws.cloudtrail.user_identity.session_context.session_issuer.type": "keyword",
"aws.cloudtrail.user_identity.type": "keyword",
"aws.cloudtrail.vpc_endpoint_id": "keyword",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "match_only_text",
"event.action": "keyword",
"event.created": "date",
"event.dataset": "constant_keyword",
"event.ingested": "date",
"event.kind": "keyword",
"event.module": "constant_keyword",
"event.original": "keyword",
"event.provider": "keyword",
"event.type": "keyword",
"file.hash.md5": "keyword",
"file.hash.sha1": "keyword",
"file.hash.sha256": "keyword",
"file.hash.sha512": "keyword",
"file.path": "keyword",
"group.id": "keyword",
"group.name": "keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"related.hash": "keyword",
"related.user": "keyword",
"source.address": "keyword",
"source.as.number": "long",
"source.as.organization.name": "keyword",
"source.geo.city_name": "keyword",
"source.geo.continent_name": "keyword",
"source.geo.country_iso_code": "keyword",
"source.geo.country_name": "keyword",
"source.geo.location": "geo_point",
"source.geo.region_iso_code": "keyword",
"source.geo.region_name": "keyword",
"source.ip": "ip",
"tags": "keyword",
"user.changes.name": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user.target.id": "keyword",
"user.target.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"cloudwatch_logs": {
"@timestamp": "date",
"aws.cloudwatch.message": "text",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "match_only_text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"tags": "keyword"
},
"cloudwatch_metrics": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.account.name": "keyword",
"cloud.origin.availability_zone": "keyword",
"cloud.origin.instance.id": "keyword",
"cloud.origin.instance.name": "keyword",
"cloud.origin.machine.type": "keyword",
"cloud.origin.project.id": "keyword",
"cloud.origin.project.name": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"cloud.target.account.id": "keyword",
"cloud.target.account.name": "keyword",
"cloud.target.availability_zone": "keyword",
"cloud.target.instance.id": "keyword",
"cloud.target.instance.name": "keyword",
"cloud.target.machine.type": "keyword",
"cloud.target.project.id": "keyword",
"cloud.target.project.name": "keyword",
"cloud.target.provider": "keyword",
"cloud.target.region": "keyword",
"cloud.target.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"dynamodb": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dynamodb.metrics.AccountMaxReads.max": "long",
"aws.dynamodb.metrics.AccountMaxTableLevelReads.max": "long",
"aws.dynamodb.metrics.AccountMaxTableLevelWrites.max": "long",
"aws.dynamodb.metrics.AccountMaxWrites.max": "long",
"aws.dynamodb.metrics.AccountProvisionedReadCapacityUtilization.avg": "double",
"aws.dynamodb.metrics.AccountProvisionedWriteCapacityUtilization.avg": "double",
"aws.dynamodb.metrics.ConditionalCheckFailedRequests.sum": "long",
"aws.dynamodb.metrics.ConsumedReadCapacityUnits.avg": "double",
"aws.dynamodb.metrics.ConsumedReadCapacityUnits.sum": "long",
"aws.dynamodb.metrics.ConsumedWriteCapacityUnits.avg": "double",
"aws.dynamodb.metrics.ConsumedWriteCapacityUnits.sum": "long",
"aws.dynamodb.metrics.MaxProvisionedTableReadCapacityUtilization.max": "double",
"aws.dynamodb.metrics.MaxProvisionedTableWriteCapacityUtilization.max": "double",
"aws.dynamodb.metrics.OnlineIndexPercentageProgress.avg": "double",
"aws.dynamodb.metrics.PendingReplicationCount.sum": "long",
"aws.dynamodb.metrics.ProvisionedReadCapacityUnits.avg": "double",
"aws.dynamodb.metrics.ProvisionedWriteCapacityUnits.avg": "double",
"aws.dynamodb.metrics.ReadThrottleEvents.sum": "long",
"aws.dynamodb.metrics.ReplicationLatency.avg": "double",
"aws.dynamodb.metrics.ReplicationLatency.max": "double",
"aws.dynamodb.metrics.SuccessfulRequestLatency.avg": "double",
"aws.dynamodb.metrics.SuccessfulRequestLatency.max": "double",
"aws.dynamodb.metrics.SystemErrors.sum": "long",
"aws.dynamodb.metrics.ThrottledRequests.sum": "long",
"aws.dynamodb.metrics.TransactionConflict.avg": "double",
"aws.dynamodb.metrics.TransactionConflict.sum": "long",
"aws.dynamodb.metrics.WriteThrottleEvents.sum": "long",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.account.name": "keyword",
"cloud.origin.availability_zone": "keyword",
"cloud.origin.instance.id": "keyword",
"cloud.origin.instance.name": "keyword",
"cloud.origin.machine.type": "keyword",
"cloud.origin.project.id": "keyword",
"cloud.origin.project.name": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"cloud.target.account.id": "keyword",
"cloud.target.account.name": "keyword",
"cloud.target.availability_zone": "keyword",
"cloud.target.instance.id": "keyword",
"cloud.target.instance.name": "keyword",
"cloud.target.machine.type": "keyword",
"cloud.target.project.id": "keyword",
"cloud.target.project.name": "keyword",
"cloud.target.provider": "keyword",
"cloud.target.region": "keyword",
"cloud.target.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"ebs": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.VolumeId": "keyword",
"aws.ebs.metrics.BurstBalance.avg": "double",
"aws.ebs.metrics.VolumeConsumedReadWriteOps.avg": "double",
"aws.ebs.metrics.VolumeIdleTime.sum": "double",
"aws.ebs.metrics.VolumeQueueLength.avg": "double",
"aws.ebs.metrics.VolumeReadBytes.avg": "double",
"aws.ebs.metrics.VolumeReadOps.avg": "double",
"aws.ebs.metrics.VolumeThroughputPercentage.avg": "double",
"aws.ebs.metrics.VolumeTotalReadTime.sum": "double",
"aws.ebs.metrics.VolumeTotalWriteTime.sum": "double",
"aws.ebs.metrics.VolumeWriteBytes.avg": "double",
"aws.ebs.metrics.VolumeWriteOps.avg": "double",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.account.name": "keyword",
"cloud.origin.availability_zone": "keyword",
"cloud.origin.instance.id": "keyword",
"cloud.origin.instance.name": "keyword",
"cloud.origin.machine.type": "keyword",
"cloud.origin.project.id": "keyword",
"cloud.origin.project.name": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"cloud.target.account.id": "keyword",
"cloud.target.account.name": "keyword",
"cloud.target.availability_zone": "keyword",
"cloud.target.instance.id": "keyword",
"cloud.target.instance.name": "keyword",
"cloud.target.machine.type": "keyword",
"cloud.target.project.id": "keyword",
"cloud.target.project.name": "keyword",
"cloud.target.provider": "keyword",
"cloud.target.region": "keyword",
"cloud.target.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"ec2_logs": {
"@timestamp": "date",
"aws.ec2.ip_address": "keyword",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "match_only_text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"message": "match_only_text",
"process.name": "keyword",
"tags": "keyword"
},
"ec2_metrics": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.AutoScalingGroupName": "keyword",
"aws.dimensions.ImageId": "keyword",
"aws.dimensions.InstanceId": "keyword",
"aws.dimensions.InstanceType": "keyword",
"aws.ec2.cpu.credit_balance": "long",
"aws.ec2.cpu.credit_usage": "long",
"aws.ec2.cpu.surplus_credit_balance": "long",
"aws.ec2.cpu.surplus_credits_charged": "long",
"aws.ec2.cpu.total.pct": "scaled_float",
"aws.ec2.diskio.read.bytes": "long",
"aws.ec2.diskio.read.bytes_per_sec": "long",
"aws.ec2.diskio.read.count": "long",
"aws.ec2.diskio.read.count_per_sec": "long",
"aws.ec2.diskio.write.bytes": "long",
"aws.ec2.diskio.write.bytes_per_sec": "long",
"aws.ec2.diskio.write.count": "long",
"aws.ec2.diskio.write.count_per_sec": "long",
"aws.ec2.instance.core.count": "integer",
"aws.ec2.instance.image.id": "keyword",
"aws.ec2.instance.monitoring.state": "keyword",
"aws.ec2.instance.private.dns_name": "keyword",
"aws.ec2.instance.private.ip": "ip",
"aws.ec2.instance.public.dns_name": "keyword",
"aws.ec2.instance.public.ip": "ip",
"aws.ec2.instance.state.code": "integer",
"aws.ec2.instance.state.name": "keyword",
"aws.ec2.instance.threads_per_core": "integer",
"aws.ec2.network.in.bytes": "long",
"aws.ec2.network.in.bytes_per_sec": "long",
"aws.ec2.network.in.packets": "long",
"aws.ec2.network.in.packets_per_sec": "long",
"aws.ec2.network.out.bytes": "long",
"aws.ec2.network.out.bytes_per_sec": "long",
"aws.ec2.network.out.packets": "long",
"aws.ec2.network.out.packets_per_sec": "long",
"aws.ec2.status.check_failed": "long",
"aws.ec2.status.check_failed_instance": "long",
"aws.ec2.status.check_failed_system": "long",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.account.name": "keyword",
"cloud.origin.availability_zone": "keyword",
"cloud.origin.instance.id": "keyword",
"cloud.origin.instance.name": "keyword",
"cloud.origin.machine.type": "keyword",
"cloud.origin.project.id": "keyword",
"cloud.origin.project.name": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"cloud.target.account.id": "keyword",
"cloud.target.account.name": "keyword",
"cloud.target.availability_zone": "keyword",
"cloud.target.instance.id": "keyword",
"cloud.target.instance.name": "keyword",
"cloud.target.machine.type": "keyword",
"cloud.target.project.id": "keyword",
"cloud.target.project.name": "keyword",
"cloud.target.provider": "keyword",
"cloud.target.region": "keyword",
"cloud.target.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.cpu.pct": "scaled_float",
"host.disk.read.bytes": "long",
"host.disk.write.bytes": "long",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.network.in.bytes": "long",
"host.network.in.packets": "long",
"host.network.out.bytes": "long",
"host.network.out.packets": "long",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"elb_logs": {
"@timestamp": "date",
"aws.elb.action_executed": "keyword",
"aws.elb.backend.http.response.status_code": "long",
"aws.elb.backend.ip": "keyword",
"aws.elb.backend.port": "keyword",
"aws.elb.backend_processing_time.sec": "float",
"aws.elb.chosen_cert.arn": "keyword",
"aws.elb.chosen_cert.serial": "keyword",
"aws.elb.classification": "keyword",
"aws.elb.classification_reason": "keyword",
"aws.elb.connection_time.ms": "long",
"aws.elb.error.reason": "keyword",
"aws.elb.incoming_tls_alert": "keyword",
"aws.elb.listener": "keyword",
"aws.elb.matched_rule_priority": "keyword",
"aws.elb.name": "keyword",
"aws.elb.protocol": "keyword",
"aws.elb.redirect_url": "keyword",
"aws.elb.request_processing_time.sec": "float",
"aws.elb.response_processing_time.sec": "float",
"aws.elb.ssl_cipher": "keyword",
"aws.elb.ssl_protocol": "keyword",
"aws.elb.target_group.arn": "keyword",
"aws.elb.target_port": "keyword",
"aws.elb.target_status_code": "keyword",
"aws.elb.tls_handshake_time.ms": "long",
"aws.elb.tls_named_group": "keyword",
"aws.elb.trace_id": "keyword",
"aws.elb.type": "keyword",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.bytes": "long",
"destination.domain": "keyword",
"ecs.version": "keyword",
"error.message": "match_only_text",
"event.category": "keyword",
"event.dataset": "constant_keyword",
"event.end": "date",
"event.kind": "keyword",
"event.module": "constant_keyword",
"event.outcome": "keyword",
"event.start": "date",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"http.request.body.bytes": "long",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.body.bytes": "long",
"http.response.status_code": "long",
"http.version": "keyword",
"source.as.number": "long",
"source.as.organization.name": "keyword",
"source.geo.city_name": "keyword",
"source.geo.continent_name": "keyword",
"source.geo.country_iso_code": "keyword",
"source.geo.location": "geo_point",
"source.geo.region_iso_code": "keyword",
"source.geo.region_name": "keyword",
"source.ip": "ip",
"source.port": "keyword",
"tags": "keyword",
"tracing.trace.id": "keyword",
"url.domain": "keyword",
"url.original": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.scheme": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.version": "keyword"
},
"elb_metrics": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.applicationelb.metrics.ActiveConnectionCount.sum": "long",
"aws.applicationelb.metrics.ClientTLSNegotiationErrorCount.sum": "long",
"aws.applicationelb.metrics.ConsumedLCUs.avg": "double",
"aws.applicationelb.metrics.HTTPCode_ELB_3XX_Count.sum": "long",
"aws.applicationelb.metrics.HTTPCode_ELB_4XX_Count.sum": "long",
"aws.applicationelb.metrics.HTTPCode_ELB_500_Count.sum": "long",
"aws.applicationelb.metrics.HTTPCode_ELB_502_Count.sum": "long",
"aws.applicationelb.metrics.HTTPCode_ELB_503_Count.sum": "long",
"aws.applicationelb.metrics.HTTPCode_ELB_504_Count.sum": "long",
"aws.applicationelb.metrics.HTTPCode_ELB_5XX_Count.sum": "long",
"aws.applicationelb.metrics.HTTP_Fixed_Response_Count.sum": "long",
"aws.applicationelb.metrics.HTTP_Redirect_Count.sum": "long",
"aws.applicationelb.metrics.HTTP_Redirect_Url_Limit_Exceeded_Count.sum": "long",
"aws.applicationelb.metrics.IPv6ProcessedBytes.sum": "long",
"aws.applicationelb.metrics.IPv6RequestCount.sum": "long",
"aws.applicationelb.metrics.NewConnectionCount.sum": "long",
"aws.applicationelb.metrics.ProcessedBytes.sum": "long",
"aws.applicationelb.metrics.RejectedConnectionCount.sum": "long",
"aws.applicationelb.metrics.RequestCount.sum": "long",
"aws.applicationelb.metrics.RuleEvaluations.sum": "long",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.AvailabilityZone": "keyword",
"aws.dimensions.LoadBalancer": "keyword",
"aws.dimensions.LoadBalancerName": "keyword",
"aws.dimensions.TargetGroup": "keyword",
"aws.elb.metrics.BackendConnectionErrors.sum": "long",
"aws.elb.metrics.EstimatedALBActiveConnectionCount.avg": "double",
"aws.elb.metrics.EstimatedALBConsumedLCUs.avg": "double",
"aws.elb.metrics.EstimatedALBNewConnectionCount.avg": "double",
"aws.elb.metrics.EstimatedProcessedBytes.avg": "double",
"aws.elb.metrics.HTTPCode_Backend_2XX.sum": "long",
"aws.elb.metrics.HTTPCode_Backend_3XX.sum": "long",
"aws.elb.metrics.HTTPCode_Backend_4XX.sum": "long",
"aws.elb.metrics.HTTPCode_Backend_5XX.sum": "long",
"aws.elb.metrics.HTTPCode_ELB_4XX.sum": "long",
"aws.elb.metrics.HTTPCode_ELB_5XX.sum": "long",
"aws.elb.metrics.HealthyHostCount.max": "long",
"aws.elb.metrics.Latency.avg": "double",
"aws.elb.metrics.RequestCount.sum": "long",
"aws.elb.metrics.SpilloverCount.sum": "long",
"aws.elb.metrics.SurgeQueueLength.max": "long",
"aws.elb.metrics.UnHealthyHostCount.max": "long",
"aws.networkelb.metrics.ActiveFlowCount.avg": "double",
"aws.networkelb.metrics.ActiveFlowCount_TCP.avg": "double",
"aws.networkelb.metrics.ActiveFlowCount_TLS.avg": "double",
"aws.networkelb.metrics.ActiveFlowCount_UDP.avg": "double",
"aws.networkelb.metrics.ClientTLSNegotiationErrorCount.sum": "long",
"aws.networkelb.metrics.ConsumedLCUs.avg": "double",
"aws.networkelb.metrics.HealthyHostCount.max": "long",
"aws.networkelb.metrics.NewFlowCount.sum": "long",
"aws.networkelb.metrics.NewFlowCount_TLS.sum": "long",
"aws.networkelb.metrics.ProcessedBytes.sum": "long",
"aws.networkelb.metrics.ProcessedBytes_TLS.sum": "long",
"aws.networkelb.metrics.TCP_Client_Reset_Count.sum": "long",
"aws.networkelb.metrics.TCP_ELB_Reset_Count.sum": "long",
"aws.networkelb.metrics.TCP_Target_Reset_Count.sum": "long",
"aws.networkelb.metrics.TargetTLSNegotiationErrorCount.sum": "long",
"aws.networkelb.metrics.UnHealthyHostCount.max": "long",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.account.name": "keyword",
"cloud.origin.availability_zone": "keyword",
"cloud.origin.instance.id": "keyword",
"cloud.origin.instance.name": "keyword",
"cloud.origin.machine.type": "keyword",
"cloud.origin.project.id": "keyword",
"cloud.origin.project.name": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"cloud.target.account.id": "keyword",
"cloud.target.account.name": "keyword",
"cloud.target.availability_zone": "keyword",
"cloud.target.instance.id": "keyword",
"cloud.target.instance.name": "keyword",
"cloud.target.machine.type": "keyword",
"cloud.target.project.id": "keyword",
"cloud.target.project.name": "keyword",
"cloud.target.provider": "keyword",
"cloud.target.region": "keyword",
"cloud.target.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"firewall_logs": {
"@timestamp": "date",
"aws.firewall.flow.age": "long",
"aws.firewall.flow.bytes": "long",
"aws.firewall.flow.end": "date",
"aws.firewall.flow.id": "keyword",
"aws.firewall.flow.max_ttl": "short",
"aws.firewall.flow.min_ttl": "short",
"aws.firewall.flow.pkts": "long",
"aws.firewall.flow.start": "date",
"aws.firewall.tcp_flags": "keyword",
"aws.firewall.tcp_flags_array": "keyword",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.as.number": "long",
"destination.as.organization.name": "keyword",
"destination.bytes": "long",
"destination.domain": "keyword",
"destination.geo.city_name": "keyword",
"destination.geo.continent_name": "keyword",
"destination.geo.country_iso_code": "keyword",
"destination.geo.country_name": "keyword",
"destination.geo.location": "geo_point",
"destination.geo.name": "keyword",
"destination.geo.region_iso_code": "keyword",
"destination.geo.region_name": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"error.message": "match_only_text",
"event.action": "keyword",
"event.category": "keyword",
"event.created": "date",
"event.dataset": "constant_keyword",
"event.ingested": "date",
"event.kind": "keyword",
"event.module": "constant_keyword",
"event.original": "keyword",
"event.provider": "keyword",
"event.type": "keyword",
"group.id": "keyword",
"group.name": "keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"http.request.method": "keyword",
"http.version": "keyword",
"message": "match_only_text",
"network.community_id": "keyword",
"network.protocol": "keyword",
"network.transport": "keyword",
"network.type": "keyword",
"observer.name": "keyword",
"observer.product": "keyword",
"observer.type": "keyword",
"observer.vendor": "keyword",
"related.hosts": "keyword",
"related.ip": "ip",
"rule.category": "keyword",
"rule.id": "keyword",
"rule.name": "keyword",
"source.address": "keyword",
"source.as.number": "long",
"source.as.organization.name": "keyword",
"source.geo.city_name": "keyword",
"source.geo.continent_name": "keyword",
"source.geo.country_iso_code": "keyword",
"source.geo.country_name": "keyword",
"source.geo.location": "geo_point",
"source.geo.region_iso_code": "keyword",
"source.geo.region_name": "keyword",
"source.ip": "ip",
"source.port": "long",
"tags": "keyword",
"url.domain": "keyword",
"url.original": "wildcard",
"url.path": "wildcard",
"url.scheme": "keyword",
"user.changes.name": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user.target.id": "keyword",
"user.target.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"firewall_metrics": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.AvailabilityZone": "keyword",
"aws.dimensions.CustomAction": "keyword",
"aws.dimensions.Engine": "keyword",
"aws.dimensions.FirewallName": "keyword",
"aws.networkfirewall.DroppedPackets.sum": "long",
"aws.networkfirewall.Packets.sum": "long",
"aws.networkfirewall.PassedPackets.sum": "long",
"aws.networkfirewall.ReceivedPackets.sum": "long",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.account.name": "keyword",
"cloud.origin.availability_zone": "keyword",
"cloud.origin.instance.id": "keyword",
"cloud.origin.instance.name": "keyword",
"cloud.origin.machine.type": "keyword",
"cloud.origin.project.id": "keyword",
"cloud.origin.project.name": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"cloud.target.account.id": "keyword",
"cloud.target.account.name": "keyword",
"cloud.target.availability_zone": "keyword",
"cloud.target.instance.id": "keyword",
"cloud.target.instance.name": "keyword",
"cloud.target.machine.type": "keyword",
"cloud.target.project.id": "keyword",
"cloud.target.project.name": "keyword",
"cloud.target.provider": "keyword",
"cloud.target.region": "keyword",
"cloud.target.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"lambda": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.ExecutedVersion": "keyword",
"aws.dimensions.FunctionName": "keyword",
"aws.dimensions.Resource": "keyword",
"aws.lambda.metrics.ConcurrentExecutions.avg": "double",
"aws.lambda.metrics.DeadLetterErrors.avg": "double",
"aws.lambda.metrics.DestinationDeliveryFailures.avg": "double",
"aws.lambda.metrics.Duration.avg": "double",
"aws.lambda.metrics.Errors.avg": "double",
"aws.lambda.metrics.Invocations.avg": "double",
"aws.lambda.metrics.IteratorAge.avg": "double",
"aws.lambda.metrics.ProvisionedConcurrencyInvocations.sum": "long",
"aws.lambda.metrics.ProvisionedConcurrencySpilloverInvocations.sum": "long",
"aws.lambda.metrics.ProvisionedConcurrencyUtilization.max": "long",
"aws.lambda.metrics.ProvisionedConcurrentExecutions.max": "long",
"aws.lambda.metrics.Throttles.avg": "double",
"aws.lambda.metrics.UnreservedConcurrentExecutions.avg": "double",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.account.name": "keyword",
"cloud.origin.availability_zone": "keyword",
"cloud.origin.instance.id": "keyword",
"cloud.origin.instance.name": "keyword",
"cloud.origin.machine.type": "keyword",
"cloud.origin.project.id": "keyword",
"cloud.origin.project.name": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"cloud.target.account.id": "keyword",
"cloud.target.account.name": "keyword",
"cloud.target.availability_zone": "keyword",
"cloud.target.instance.id": "keyword",
"cloud.target.instance.name": "keyword",
"cloud.target.machine.type": "keyword",
"cloud.target.project.id": "keyword",
"cloud.target.project.name": "keyword",
"cloud.target.provider": "keyword",
"cloud.target.region": "keyword",
"cloud.target.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"natgateway": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.NatGatewayId": "keyword",
"aws.natgateway.metrics.ActiveConnectionCount.max": "long",
"aws.natgateway.metrics.BytesInFromDestination.sum": "long",
"aws.natgateway.metrics.BytesInFromSource.sum": "long",
"aws.natgateway.metrics.BytesOutToDestination.sum": "long",
"aws.natgateway.metrics.BytesOutToSource.sum": "long",
"aws.natgateway.metrics.ConnectionAttemptCount.sum": "long",
"aws.natgateway.metrics.ConnectionEstablishedCount.sum": "long",
"aws.natgateway.metrics.ErrorPortAllocation.sum": "long",
"aws.natgateway.metrics.IdleTimeoutCount.sum": "long",
"aws.natgateway.metrics.PacketsDropCount.sum": "long",
"aws.natgateway.metrics.PacketsInFromDestination.sum": "long",
"aws.natgateway.metrics.PacketsInFromSource.sum": "long",
"aws.natgateway.metrics.PacketsOutToDestination.sum": "long",
"aws.natgateway.metrics.PacketsOutToSource.sum": "long",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.account.name": "keyword",
"cloud.origin.availability_zone": "keyword",
"cloud.origin.instance.id": "keyword",
"cloud.origin.instance.name": "keyword",
"cloud.origin.machine.type": "keyword",
"cloud.origin.project.id": "keyword",
"cloud.origin.project.name": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"cloud.target.account.id": "keyword",
"cloud.target.account.name": "keyword",
"cloud.target.availability_zone": "keyword",
"cloud.target.instance.id": "keyword",
"cloud.target.instance.name": "keyword",
"cloud.target.machine.type": "keyword",
"cloud.target.project.id": "keyword",
"cloud.target.project.name": "keyword",
"cloud.target.provider": "keyword",
"cloud.target.region": "keyword",
"cloud.target.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"rds": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.DBClusterIdentifier": "keyword",
"aws.dimensions.DBClusterIdentifier,Role": "keyword",
"aws.dimensions.DBInstanceIdentifier": "keyword",
"aws.dimensions.DatabaseClass": "keyword",
"aws.dimensions.DbClusterIdentifier, EngineName": "keyword",
"aws.dimensions.EngineName": "keyword",
"aws.dimensions.SourceRegion": "keyword",
"aws.rds.aurora_bin_log_replica_lag": "long",
"aws.rds.aurora_global_db.data_transfer.bytes": "long",
"aws.rds.aurora_global_db.replicated_write_io.bytes": "long",
"aws.rds.aurora_global_db.replication_lag.ms": "long",
"aws.rds.aurora_replica.lag.ms": "long",
"aws.rds.aurora_replica.lag_max.ms": "long",
"aws.rds.aurora_replica.lag_min.ms": "long",
"aws.rds.aurora_volume_left_total.bytes": "long",
"aws.rds.backtrack_change_records.creation_rate": "long",
"aws.rds.backtrack_change_records.stored": "long",
"aws.rds.backtrack_window.actual": "long",
"aws.rds.backtrack_window.alert": "long",
"aws.rds.backup_storage_billed_total.bytes": "long",
"aws.rds.cache_hit_ratio.buffer": "long",
"aws.rds.cache_hit_ratio.result_set": "long",
"aws.rds.cpu.credit_balance": "long",
"aws.rds.cpu.credit_usage": "long",
"aws.rds.cpu.total.pct": "scaled_float",
"aws.rds.database_connections": "long",
"aws.rds.db_instance.arn": "keyword",
"aws.rds.db_instance.class": "keyword",
"aws.rds.db_instance.db_cluster_identifier": "keyword",
"aws.rds.db_instance.engine_name": "keyword",
"aws.rds.db_instance.identifier": "keyword",
"aws.rds.db_instance.role": "keyword",
"aws.rds.db_instance.status": "keyword",
"aws.rds.deadlocks": "long",
"aws.rds.disk_queue_depth": "float",
"aws.rds.disk_usage.bin_log.bytes": "long",
"aws.rds.disk_usage.replication_slot.mb": "long",
"aws.rds.disk_usage.transaction_logs.mb": "long",
"aws.rds.engine_uptime.sec": "long",
"aws.rds.failed_sql_server_agent_jobs": "long",
"aws.rds.free_local_storage.bytes": "long",
"aws.rds.free_storage.bytes": "long",
"aws.rds.freeable_memory.bytes": "long",
"aws.rds.latency.commit": "float",
"aws.rds.latency.ddl": "float",
"aws.rds.latency.delete": "float",
"aws.rds.latency.dml": "float",
"aws.rds.latency.insert": "float",
"aws.rds.latency.read": "float",
"aws.rds.latency.select": "float",
"aws.rds.latency.update": "float",
"aws.rds.latency.write": "float",
"aws.rds.login_failures": "long",
"aws.rds.maximum_used_transaction_ids": "long",
"aws.rds.oldest_replication_slot_lag.mb": "long",
"aws.rds.queries": "long",
"aws.rds.rds_to_aurora_postgresql_replica_lag.sec": "long",
"aws.rds.read_io.ops_per_sec": "float",
"aws.rds.replica_lag.sec": "long",
"aws.rds.storage_used.backup_retention_period.bytes": "long",
"aws.rds.storage_used.snapshot.bytes": "long",
"aws.rds.swap_usage.bytes": "long",
"aws.rds.throughput.commit": "float",
"aws.rds.throughput.ddl": "float",
"aws.rds.throughput.delete": "float",
"aws.rds.throughput.dml": "float",
"aws.rds.throughput.insert": "float",
"aws.rds.throughput.network": "float",
"aws.rds.throughput.network_receive": "float",
"aws.rds.throughput.network_transmit": "float",
"aws.rds.throughput.read": "float",
"aws.rds.throughput.select": "float",
"aws.rds.throughput.update": "float",
"aws.rds.throughput.write": "float",
"aws.rds.transaction_logs_generation": "long",
"aws.rds.transactions.active": "long",
"aws.rds.transactions.blocked": "long",
"aws.rds.volume.read.iops": "long",
"aws.rds.volume.write.iops": "long",
"aws.rds.volume_used.bytes": "long",
"aws.rds.write_io.ops_per_sec": "float",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.account.name": "keyword",
"cloud.origin.availability_zone": "keyword",
"cloud.origin.instance.id": "keyword",
"cloud.origin.instance.name": "keyword",
"cloud.origin.machine.type": "keyword",
"cloud.origin.project.id": "keyword",
"cloud.origin.project.name": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"cloud.target.account.id": "keyword",
"cloud.target.account.name": "keyword",
"cloud.target.availability_zone": "keyword",
"cloud.target.instance.id": "keyword",
"cloud.target.instance.name": "keyword",
"cloud.target.machine.type": "keyword",
"cloud.target.project.id": "keyword",
"cloud.target.project.name": "keyword",
"cloud.target.provider": "keyword",
"cloud.target.region": "keyword",
"cloud.target.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"route53_public_logs": {
"@timestamp": "date",
"aws.route53.edge_location": "keyword",
"aws.route53.edns_client_subnet": "keyword",
"aws.route53.hosted_zone_id": "keyword",
"awscloudwatch.ingestion_time": "date",
"awscloudwatch.log_group": "keyword",
"awscloudwatch.log_stream": "keyword",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"dns.question.name": "keyword",
"dns.question.registered_domain": "keyword",
"dns.question.subdomain": "keyword",
"dns.question.top_level_domain": "keyword",
"dns.question.type": "keyword",
"dns.response_code": "keyword",
"ecs.version": "keyword",
"error.message": "match_only_text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"input.type": "keyword",
"log.file.path": "keyword",
"message": "match_only_text",
"network.iana_number": "keyword",
"network.protocol": "keyword",
"network.transport": "keyword",
"network.type": "keyword",
"related.hosts": "keyword",
"related.ip": "ip",
"source.address": "keyword",
"source.as.number": "long",
"source.as.organization.name": "keyword",
"source.geo.city_name": "keyword",
"source.geo.continent_name": "keyword",
"source.geo.country_iso_code": "keyword",
"source.geo.country_name": "keyword",
"source.geo.location": "geo_point",
"source.geo.region_iso_code": "keyword",
"source.geo.region_name": "keyword",
"source.ip": "ip",
"tags": "keyword"
},
"route53_resolver_logs": {
"@timestamp": "date",
"aws.instance_id": "keyword",
"aws.route53.firewall.action": "keyword",
"aws.route53.firewall.domain_list.id": "keyword",
"aws.route53.firewall.rule_group.id": "keyword",
"aws.vpc_id": "keyword",
"awscloudwatch.ingestion_time": "date",
"awscloudwatch.log_group": "keyword",
"awscloudwatch.log_stream": "keyword",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"dns.answers": "object",
"dns.question.class": "keyword",
"dns.question.name": "keyword",
"dns.question.registered_domain": "keyword",
"dns.question.subdomain": "keyword",
"dns.question.top_level_domain": "keyword",
"dns.question.type": "keyword",
"dns.response_code": "keyword",
"ecs.version": "keyword",
"error.message": "match_only_text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"input.type": "keyword",
"log.file.path": "keyword",
"message": "match_only_text",
"network.iana_number": "keyword",
"network.protocol": "keyword",
"network.transport": "keyword",
"network.type": "keyword",
"related.hosts": "keyword",
"related.ip": "ip",
"source.address": "keyword",
"source.as.number": "long",
"source.as.organization.name": "keyword",
"source.geo.city_name": "keyword",
"source.geo.continent_name": "keyword",
"source.geo.country_iso_code": "keyword",
"source.geo.country_name": "keyword",
"source.geo.location": "geo_point",
"source.geo.region_iso_code": "keyword",
"source.geo.region_name": "keyword",
"source.ip": "ip",
"source.port": "long",
"tags": "keyword"
},
"s3_daily_storage": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.dimensions.*": "object",
"aws.dimensions.BucketName": "keyword",
"aws.dimensions.FilterId": "keyword",
"aws.dimensions.StorageType": "keyword",
"aws.s3.bucket.name": "keyword",
"aws.s3_daily_storage.bucket.size.bytes": "long",
"aws.s3_daily_storage.number_of_objects": "long",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.account.name": "keyword",
"cloud.origin.availability_zone": "keyword",
"cloud.origin.instance.id": "keyword",
"cloud.origin.instance.name": "keyword",
"cloud.origin.machine.type": "keyword",
"cloud.origin.project.id": "keyword",
"cloud.origin.project.name": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"cloud.target.account.id": "keyword",
"cloud.target.account.name": "keyword",
"cloud.target.availability_zone": "keyword",
"cloud.target.instance.id": "keyword",
"cloud.target.instance.name": "keyword",
"cloud.target.machine.type": "keyword",
"cloud.target.project.id": "keyword",
"cloud.target.project.name": "keyword",
"cloud.target.provider": "keyword",
"cloud.target.region": "keyword",
"cloud.target.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"s3_request": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.dimensions.*": "object",
"aws.dimensions.BucketName": "keyword",
"aws.dimensions.FilterId": "keyword",
"aws.dimensions.StorageType": "keyword",
"aws.s3.bucket.name": "keyword",
"aws.s3_request.downloaded.bytes": "long",
"aws.s3_request.errors.4xx": "long",
"aws.s3_request.errors.5xx": "long",
"aws.s3_request.latency.first_byte.ms": "long",
"aws.s3_request.latency.total_request.ms": "long",
"aws.s3_request.requests.delete": "long",
"aws.s3_request.requests.get": "long",
"aws.s3_request.requests.head": "long",
"aws.s3_request.requests.list": "long",
"aws.s3_request.requests.post": "long",
"aws.s3_request.requests.put": "long",
"aws.s3_request.requests.select": "long",
"aws.s3_request.requests.select_returned.bytes": "long",
"aws.s3_request.requests.select_scanned.bytes": "long",
"aws.s3_request.requests.total": "long",
"aws.s3_request.uploaded.bytes": "long",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.account.name": "keyword",
"cloud.origin.availability_zone": "keyword",
"cloud.origin.instance.id": "keyword",
"cloud.origin.instance.name": "keyword",
"cloud.origin.machine.type": "keyword",
"cloud.origin.project.id": "keyword",
"cloud.origin.project.name": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"cloud.target.account.id": "keyword",
"cloud.target.account.name": "keyword",
"cloud.target.availability_zone": "keyword",
"cloud.target.instance.id": "keyword",
"cloud.target.instance.name": "keyword",
"cloud.target.machine.type": "keyword",
"cloud.target.project.id": "keyword",
"cloud.target.project.name": "keyword",
"cloud.target.provider": "keyword",
"cloud.target.region": "keyword",
"cloud.target.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"s3_storage_lens": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.s3.bucket.name": "keyword",
"aws.s3_storage_lens.metrics.4xxErrors.avg": "long",
"aws.s3_storage_lens.metrics.5xxErrors.avg": "long",
"aws.s3_storage_lens.metrics.AllRequests.avg": "long",
"aws.s3_storage_lens.metrics.BytesDownloaded.avg": "long",
"aws.s3_storage_lens.metrics.BytesUploaded.avg": "long",
"aws.s3_storage_lens.metrics.CurrentVersionObjectCount.avg": "long",
"aws.s3_storage_lens.metrics.CurrentVersionStorageBytes.avg": "long",
"aws.s3_storage_lens.metrics.DeleteMarkerObjectCount.avg": "long",
"aws.s3_storage_lens.metrics.DeleteRequests.avg": "long",
"aws.s3_storage_lens.metrics.EncryptedObjectCount.avg": "long",
"aws.s3_storage_lens.metrics.EncryptedStorageBytes.avg": "long",
"aws.s3_storage_lens.metrics.GetRequests.avg": "long",
"aws.s3_storage_lens.metrics.HeadRequests.avg": "long",
"aws.s3_storage_lens.metrics.IncompleteMultipartUploadObjectCount.avg": "long",
"aws.s3_storage_lens.metrics.IncompleteMultipartUploadStorageBytes.avg": "long",
"aws.s3_storage_lens.metrics.ListRequests.avg": "long",
"aws.s3_storage_lens.metrics.NonCurrentVersionObjectCount.avg": "long",
"aws.s3_storage_lens.metrics.NonCurrentVersionStorageBytes.avg": "long",
"aws.s3_storage_lens.metrics.ObjectCount.avg": "long",
"aws.s3_storage_lens.metrics.ObjectLockEnabledObjectCount.avg": "long",
"aws.s3_storage_lens.metrics.ObjectLockEnabledStorageBytes.avg": "long",
"aws.s3_storage_lens.metrics.PostRequests.avg": "long",
"aws.s3_storage_lens.metrics.PutRequests.avg": "long",
"aws.s3_storage_lens.metrics.ReplicatedObjectCount.avg": "long",
"aws.s3_storage_lens.metrics.ReplicatedStorageBytes.avg": "long",
"aws.s3_storage_lens.metrics.SelectRequests.avg": "long",
"aws.s3_storage_lens.metrics.SelectReturnedBytes.avg": "long",
"aws.s3_storage_lens.metrics.SelectScannedBytes.avg": "long",
"aws.s3_storage_lens.metrics.StorageBytes.avg": "long",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.account.name": "keyword",
"cloud.origin.availability_zone": "keyword",
"cloud.origin.instance.id": "keyword",
"cloud.origin.instance.name": "keyword",
"cloud.origin.machine.type": "keyword",
"cloud.origin.project.id": "keyword",
"cloud.origin.project.name": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"cloud.target.account.id": "keyword",
"cloud.target.account.name": "keyword",
"cloud.target.availability_zone": "keyword",
"cloud.target.instance.id": "keyword",
"cloud.target.instance.name": "keyword",
"cloud.target.machine.type": "keyword",
"cloud.target.project.id": "keyword",
"cloud.target.project.name": "keyword",
"cloud.target.provider": "keyword",
"cloud.target.region": "keyword",
"cloud.target.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"s3access": {
"@timestamp": "date",
"aws.s3access.authentication_type": "keyword",
"aws.s3access.bucket": "keyword",
"aws.s3access.bucket_owner": "keyword",
"aws.s3access.bytes_sent": "long",
"aws.s3access.cipher_suite": "keyword",
"aws.s3access.error_code": "keyword",
"aws.s3access.host_header": "keyword",
"aws.s3access.host_id": "keyword",
"aws.s3access.http_status": "long",
"aws.s3access.key": "keyword",
"aws.s3access.object_size": "long",
"aws.s3access.operation": "keyword",
"aws.s3access.referrer": "keyword",
"aws.s3access.remote_ip": "ip",
"aws.s3access.request_id": "keyword",
"aws.s3access.request_uri": "keyword",
"aws.s3access.requester": "keyword",
"aws.s3access.signature_version": "keyword",
"aws.s3access.tls_version": "keyword",
"aws.s3access.total_time": "long",
"aws.s3access.turn_around_time": "long",
"aws.s3access.user_agent": "keyword",
"aws.s3access.version_id": "keyword",
"client.address": "keyword",
"client.ip": "ip",
"client.user.id": "keyword",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "match_only_text",
"event.action": "keyword",
"event.code": "keyword",
"event.dataset": "constant_keyword",
"event.duration": "long",
"event.id": "keyword",
"event.kind": "keyword",
"event.module": "constant_keyword",
"event.outcome": "keyword",
"geo.city_name": "keyword",
"geo.continent_name": "keyword",
"geo.country_iso_code": "keyword",
"geo.country_name": "keyword",
"geo.location": "geo_point",
"geo.region_iso_code": "keyword",
"geo.region_name": "keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.body.bytes": "long",
"http.response.status_code": "long",
"http.version": "keyword",
"related.ip": "ip",
"related.user": "keyword",
"tags": "keyword",
"tls.cipher": "keyword",
"tls.version": "keyword",
"tls.version_protocol": "keyword",
"url.domain": "keyword",
"url.extension": "keyword",
"url.original": "wildcard",
"url.path": "wildcard",
"url.query": "keyword",
"url.scheme": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"sns": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.Application": "keyword",
"aws.dimensions.Application,Platform": "keyword",
"aws.dimensions.Country": "keyword",
"aws.dimensions.Platform": "keyword",
"aws.dimensions.SMSType": "keyword",
"aws.dimensions.TopicName": "keyword",
"aws.s3.bucket.name": "keyword",
"aws.sns.metrics.NumberOfMessagesPublished.sum": "long",
"aws.sns.metrics.NumberOfNotificationsDelivered.sum": "long",
"aws.sns.metrics.NumberOfNotificationsFailed.sum": "long",
"aws.sns.metrics.NumberOfNotificationsFailedToRedriveToDlq.sum": "long",
"aws.sns.metrics.NumberOfNotificationsFilteredOut-InvalidAttributes.sum": "long",
"aws.sns.metrics.NumberOfNotificationsFilteredOut-NoMessageAttributes.sum": "long",
"aws.sns.metrics.NumberOfNotificationsFilteredOut.sum": "long",
"aws.sns.metrics.NumberOfNotificationsRedrivenToDlq.sum": "long",
"aws.sns.metrics.PublishSize.avg": "double",
"aws.sns.metrics.SMSMonthToDateSpentUSD.sum": "long",
"aws.sns.metrics.SMSSuccessRate.avg": "double",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.account.name": "keyword",
"cloud.origin.availability_zone": "keyword",
"cloud.origin.instance.id": "keyword",
"cloud.origin.instance.name": "keyword",
"cloud.origin.machine.type": "keyword",
"cloud.origin.project.id": "keyword",
"cloud.origin.project.name": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"cloud.target.account.id": "keyword",
"cloud.target.account.name": "keyword",
"cloud.target.availability_zone": "keyword",
"cloud.target.instance.id": "keyword",
"cloud.target.instance.name": "keyword",
"cloud.target.machine.type": "keyword",
"cloud.target.project.id": "keyword",
"cloud.target.project.name": "keyword",
"cloud.target.provider": "keyword",
"cloud.target.region": "keyword",
"cloud.target.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"sqs": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.QueueName": "keyword",
"aws.s3.bucket.name": "keyword",
"aws.sqs.empty_receives": "long",
"aws.sqs.messages.delayed": "long",
"aws.sqs.messages.deleted": "long",
"aws.sqs.messages.not_visible": "long",
"aws.sqs.messages.received": "long",
"aws.sqs.messages.sent": "long",
"aws.sqs.messages.visible": "long",
"aws.sqs.oldest_message_age.sec": "long",
"aws.sqs.queue.name": "keyword",
"aws.sqs.sent_message_size.bytes": "long",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.account.name": "keyword",
"cloud.origin.availability_zone": "keyword",
"cloud.origin.instance.id": "keyword",
"cloud.origin.instance.name": "keyword",
"cloud.origin.machine.type": "keyword",
"cloud.origin.project.id": "keyword",
"cloud.origin.project.name": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"cloud.target.account.id": "keyword",
"cloud.target.account.name": "keyword",
"cloud.target.availability_zone": "keyword",
"cloud.target.instance.id": "keyword",
"cloud.target.instance.name": "keyword",
"cloud.target.machine.type": "keyword",
"cloud.target.project.id": "keyword",
"cloud.target.project.name": "keyword",
"cloud.target.provider": "keyword",
"cloud.target.region": "keyword",
"cloud.target.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"transitgateway": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.TransitGateway": "keyword",
"aws.dimensions.TransitGatewayAttachment": "keyword",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"aws.transitgateway.metrics.BytesIn.sum": "long",
"aws.transitgateway.metrics.BytesOut.sum": "long",
"aws.transitgateway.metrics.PacketDropCountBlackhole.sum": "long",
"aws.transitgateway.metrics.PacketDropCountNoRoute.sum": "long",
"aws.transitgateway.metrics.PacketsIn.sum": "long",
"aws.transitgateway.metrics.PacketsOut.sum": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.account.name": "keyword",
"cloud.origin.availability_zone": "keyword",
"cloud.origin.instance.id": "keyword",
"cloud.origin.instance.name": "keyword",
"cloud.origin.machine.type": "keyword",
"cloud.origin.project.id": "keyword",
"cloud.origin.project.name": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"cloud.target.account.id": "keyword",
"cloud.target.account.name": "keyword",
"cloud.target.availability_zone": "keyword",
"cloud.target.instance.id": "keyword",
"cloud.target.instance.name": "keyword",
"cloud.target.machine.type": "keyword",
"cloud.target.project.id": "keyword",
"cloud.target.project.name": "keyword",
"cloud.target.provider": "keyword",
"cloud.target.region": "keyword",
"cloud.target.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"usage": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.Class": "keyword",
"aws.dimensions.Resource": "keyword",
"aws.dimensions.Service": "keyword",
"aws.dimensions.Type": "keyword",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"aws.usage.metrics.CallCount.sum": "long",
"aws.usage.metrics.ResourceCount.sum": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.account.name": "keyword",
"cloud.origin.availability_zone": "keyword",
"cloud.origin.instance.id": "keyword",
"cloud.origin.instance.name": "keyword",
"cloud.origin.machine.type": "keyword",
"cloud.origin.project.id": "keyword",
"cloud.origin.project.name": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"cloud.target.account.id": "keyword",
"cloud.target.account.name": "keyword",
"cloud.target.availability_zone": "keyword",
"cloud.target.instance.id": "keyword",
"cloud.target.instance.name": "keyword",
"cloud.target.machine.type": "keyword",
"cloud.target.project.id": "keyword",
"cloud.target.project.name": "keyword",
"cloud.target.provider": "keyword",
"cloud.target.region": "keyword",
"cloud.target.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"vpcflow": {
"@timestamp": "date",
"aws.vpcflow.account_id": "keyword",
"aws.vpcflow.action": "keyword",
"aws.vpcflow.instance_id": "keyword",
"aws.vpcflow.interface_id": "keyword",
"aws.vpcflow.log_status": "keyword",
"aws.vpcflow.pkt_dstaddr": "ip",
"aws.vpcflow.pkt_srcaddr": "ip",
"aws.vpcflow.subnet_id": "keyword",
"aws.vpcflow.tcp_flags": "keyword",
"aws.vpcflow.tcp_flags_array": "keyword",
"aws.vpcflow.type": "keyword",
"aws.vpcflow.version": "keyword",
"aws.vpcflow.vpc_id": "keyword",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.as.number": "long",
"destination.as.organization.name": "keyword",
"destination.geo.city_name": "keyword",
"destination.geo.continent_name": "keyword",
"destination.geo.country_iso_code": "keyword",
"destination.geo.country_name": "keyword",
"destination.geo.location": "geo_point",
"destination.geo.region_iso_code": "keyword",
"destination.geo.region_name": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"error.message": "match_only_text",
"event.category": "keyword",
"event.dataset": "constant_keyword",
"event.end": "date",
"event.kind": "keyword",
"event.module": "constant_keyword",
"event.original": "keyword",
"event.outcome": "keyword",
"event.start": "date",
"event.type": "keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"network.bytes": "long",
"network.community_id": "keyword",
"network.iana_number": "keyword",
"network.packets": "long",
"network.transport": "keyword",
"network.type": "keyword",
"related.ip": "ip",
"source.address": "keyword",
"source.as.number": "long",
"source.as.organization.name": "keyword",
"source.bytes": "long",
"source.geo.city_name": "keyword",
"source.geo.continent_name": "keyword",
"source.geo.country_iso_code": "keyword",
"source.geo.country_name": "keyword",
"source.geo.location": "geo_point",
"source.geo.region_iso_code": "keyword",
"source.geo.region_name": "keyword",
"source.ip": "ip",
"source.packets": "long",
"source.port": "long",
"tags": "keyword"
},
"vpn": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.TunnelIpAddress": "keyword",
"aws.dimensions.VpnId": "keyword",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"aws.vpn.metrics.TunnelDataIn.sum": "double",
"aws.vpn.metrics.TunnelDataOut.sum": "double",
"aws.vpn.metrics.TunnelState.avg": "double",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.account.name": "keyword",
"cloud.origin.availability_zone": "keyword",
"cloud.origin.instance.id": "keyword",
"cloud.origin.instance.name": "keyword",
"cloud.origin.machine.type": "keyword",
"cloud.origin.project.id": "keyword",
"cloud.origin.project.name": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"cloud.target.account.id": "keyword",
"cloud.target.account.name": "keyword",
"cloud.target.availability_zone": "keyword",
"cloud.target.instance.id": "keyword",
"cloud.target.instance.name": "keyword",
"cloud.target.machine.type": "keyword",
"cloud.target.project.id": "keyword",
"cloud.target.project.name": "keyword",
"cloud.target.provider": "keyword",
"cloud.target.region": "keyword",
"cloud.target.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"waf": {
"@timestamp": "date",
"aws.waf.arn": "keyword",
"aws.waf.id": "keyword",
"aws.waf.non_terminating_matching_rules": "nested",
"aws.waf.rate_based_rule_list": "nested",
"aws.waf.request.headers": "flattened",
"aws.waf.rule_group_list": "nested",
"aws.waf.source.id": "keyword",
"aws.waf.source.name": "keyword",
"aws.waf.terminating_rule_match_details": "nested",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "match_only_text",
"event.action": "keyword",
"event.dataset": "constant_keyword",
"event.id": "keyword",
"event.kind": "keyword",
"event.module": "constant_keyword",
"event.outcome": "keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"http.request.id": "keyword",
"http.request.method": "keyword",
"http.version": "keyword",
"network.protocol": "keyword",
"network.transport": "keyword",
"related.ip": "ip",
"rule.id": "keyword",
"rule.ruleset": "keyword",
"source.address": "keyword",
"source.as.number": "long",
"source.as.organization.name": "keyword",
"source.geo.city_name": "keyword",
"source.geo.continent_name": "keyword",
"source.geo.country_iso_code": "keyword",
"source.geo.country_name": "keyword",
"source.geo.location": "geo_point",
"source.geo.region_iso_code": "keyword",
"source.geo.region_name": "keyword",
"source.ip": "ip",
"tags": "keyword",
"url.path": "wildcard",
"url.query": "keyword"
}
},
"1.12.1": {
"billing": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.billing.AmortizedCost.amount": "double",
"aws.billing.AmortizedCost.unit": "keyword",
"aws.billing.BlendedCost.amount": "double",
"aws.billing.BlendedCost.unit": "keyword",
"aws.billing.Currency": "keyword",
"aws.billing.EstimatedCharges": "long",
"aws.billing.NormalizedUsageAmount.amount": "double",
"aws.billing.NormalizedUsageAmount.unit": "keyword",
"aws.billing.ServiceName": "keyword",
"aws.billing.UnblendedCost.amount": "double",
"aws.billing.UnblendedCost.unit": "keyword",
"aws.billing.UsageQuantity.amount": "double",
"aws.billing.UsageQuantity.unit": "keyword",
"aws.billing.end_date": "keyword",
"aws.billing.group_by": "object",
"aws.billing.group_definition.key": "keyword",
"aws.billing.group_definition.type": "keyword",
"aws.billing.start_date": "keyword",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.linked_account.id": "keyword",
"aws.linked_account.name": "keyword",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.account.name": "keyword",
"cloud.origin.availability_zone": "keyword",
"cloud.origin.instance.id": "keyword",
"cloud.origin.instance.name": "keyword",
"cloud.origin.machine.type": "keyword",
"cloud.origin.project.id": "keyword",
"cloud.origin.project.name": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"cloud.target.account.id": "keyword",
"cloud.target.account.name": "keyword",
"cloud.target.availability_zone": "keyword",
"cloud.target.instance.id": "keyword",
"cloud.target.instance.name": "keyword",
"cloud.target.machine.type": "keyword",
"cloud.target.project.id": "keyword",
"cloud.target.project.name": "keyword",
"cloud.target.provider": "keyword",
"cloud.target.region": "keyword",
"cloud.target.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"cloudfront_logs": {
"@timestamp": "date",
"aws.cloudfront.content_type": "keyword",
"aws.cloudfront.domain": "keyword",
"aws.cloudfront.edge_detailed_result_type": "keyword",
"aws.cloudfront.edge_location": "keyword",
"aws.cloudfront.edge_response_result_type": "keyword",
"aws.cloudfront.edge_result_type": "keyword",
"aws.cloudfront.time_to_first_byte": "float",
"aws.edge_location": "alias",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.domain": "keyword",
"ecs.version": "keyword",
"error.message": "match_only_text",
"event.dataset": "constant_keyword",
"event.duration": "long",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"http.request.bytes": "long",
"http.request.id": "keyword",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.body.bytes": "long",
"http.response.bytes": "long",
"http.response.status_code": "long",
"http.version": "keyword",
"network.protocol": "keyword",
"network.type": "keyword",
"related.hosts": "keyword",
"related.ip": "ip",
"source.address": "keyword",
"source.as.number": "long",
"source.as.organization.name": "keyword",
"source.geo.city_name": "keyword",
"source.geo.continent_name": "keyword",
"source.geo.country_iso_code": "keyword",
"source.geo.country_name": "keyword",
"source.geo.location": "geo_point",
"source.geo.region_iso_code": "keyword",
"source.geo.region_name": "keyword",
"source.ip": "ip",
"source.port": "long",
"tags": "keyword",
"tls.cipher": "keyword",
"tls.version": "keyword",
"tls.version_protocol": "keyword",
"url.domain": "keyword",
"url.extension": "keyword",
"url.full": "wildcard",
"url.original": "wildcard",
"url.path": "wildcard",
"url.query": "keyword",
"url.registered_domain": "keyword",
"url.scheme": "keyword",
"url.subdomain": "keyword",
"url.top_level_domain": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"cloudtrail": {
"@timestamp": "date",
"aws.cloudtrail.additional_eventdata": "keyword",
"aws.cloudtrail.api_version": "keyword",
"aws.cloudtrail.console_login.additional_eventdata.login_to": "keyword",
"aws.cloudtrail.console_login.additional_eventdata.mfa_used": "boolean",
"aws.cloudtrail.console_login.additional_eventdata.mobile_version": "boolean",
"aws.cloudtrail.error_code": "keyword",
"aws.cloudtrail.error_message": "keyword",
"aws.cloudtrail.event_category": "keyword",
"aws.cloudtrail.event_type": "keyword",
"aws.cloudtrail.event_version": "keyword",
"aws.cloudtrail.flattened.additional_eventdata": "flattened",
"aws.cloudtrail.flattened.digest": "flattened",
"aws.cloudtrail.flattened.insight_details": "flattened",
"aws.cloudtrail.flattened.request_parameters": "flattened",
"aws.cloudtrail.flattened.response_elements": "flattened",
"aws.cloudtrail.flattened.service_event_details": "flattened",
"aws.cloudtrail.management_event": "keyword",
"aws.cloudtrail.read_only": "boolean",
"aws.cloudtrail.recipient_account_id": "keyword",
"aws.cloudtrail.request_id": "keyword",
"aws.cloudtrail.request_parameters": "keyword",
"aws.cloudtrail.resources.account_id": "keyword",
"aws.cloudtrail.resources.arn": "keyword",
"aws.cloudtrail.resources.type": "keyword",
"aws.cloudtrail.response_elements": "keyword",
"aws.cloudtrail.service_event_details": "keyword",
"aws.cloudtrail.shared_event_id": "keyword",
"aws.cloudtrail.user_identity.access_key_id": "keyword",
"aws.cloudtrail.user_identity.arn": "keyword",
"aws.cloudtrail.user_identity.invoked_by": "keyword",
"aws.cloudtrail.user_identity.session_context.creation_date": "date",
"aws.cloudtrail.user_identity.session_context.mfa_authenticated": "keyword",
"aws.cloudtrail.user_identity.session_context.session_issuer.account_id": "keyword",
"aws.cloudtrail.user_identity.session_context.session_issuer.arn": "keyword",
"aws.cloudtrail.user_identity.session_context.session_issuer.principal_id": "keyword",
"aws.cloudtrail.user_identity.session_context.session_issuer.type": "keyword",
"aws.cloudtrail.user_identity.type": "keyword",
"aws.cloudtrail.vpc_endpoint_id": "keyword",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "match_only_text",
"event.action": "keyword",
"event.created": "date",
"event.dataset": "constant_keyword",
"event.ingested": "date",
"event.kind": "keyword",
"event.module": "constant_keyword",
"event.original": "keyword",
"event.provider": "keyword",
"event.type": "keyword",
"file.hash.md5": "keyword",
"file.hash.sha1": "keyword",
"file.hash.sha256": "keyword",
"file.hash.sha512": "keyword",
"file.path": "keyword",
"group.id": "keyword",
"group.name": "keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"related.hash": "keyword",
"related.user": "keyword",
"source.address": "keyword",
"source.as.number": "long",
"source.as.organization.name": "keyword",
"source.geo.city_name": "keyword",
"source.geo.continent_name": "keyword",
"source.geo.country_iso_code": "keyword",
"source.geo.country_name": "keyword",
"source.geo.location": "geo_point",
"source.geo.region_iso_code": "keyword",
"source.geo.region_name": "keyword",
"source.ip": "ip",
"tags": "keyword",
"user.changes.name": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user.target.id": "keyword",
"user.target.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"cloudwatch_logs": {
"@timestamp": "date",
"aws.cloudwatch.message": "text",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "match_only_text",
"event.dataset": "constant_keyword",
"event.ingested": "date",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"message": "match_only_text",
"tags": "keyword"
},
"cloudwatch_metrics": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.account.name": "keyword",
"cloud.origin.availability_zone": "keyword",
"cloud.origin.instance.id": "keyword",
"cloud.origin.instance.name": "keyword",
"cloud.origin.machine.type": "keyword",
"cloud.origin.project.id": "keyword",
"cloud.origin.project.name": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"cloud.target.account.id": "keyword",
"cloud.target.account.name": "keyword",
"cloud.target.availability_zone": "keyword",
"cloud.target.instance.id": "keyword",
"cloud.target.instance.name": "keyword",
"cloud.target.machine.type": "keyword",
"cloud.target.project.id": "keyword",
"cloud.target.project.name": "keyword",
"cloud.target.provider": "keyword",
"cloud.target.region": "keyword",
"cloud.target.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"dynamodb": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dynamodb.metrics.AccountMaxReads.max": "long",
"aws.dynamodb.metrics.AccountMaxTableLevelReads.max": "long",
"aws.dynamodb.metrics.AccountMaxTableLevelWrites.max": "long",
"aws.dynamodb.metrics.AccountMaxWrites.max": "long",
"aws.dynamodb.metrics.AccountProvisionedReadCapacityUtilization.avg": "double",
"aws.dynamodb.metrics.AccountProvisionedWriteCapacityUtilization.avg": "double",
"aws.dynamodb.metrics.ConditionalCheckFailedRequests.sum": "long",
"aws.dynamodb.metrics.ConsumedReadCapacityUnits.avg": "double",
"aws.dynamodb.metrics.ConsumedReadCapacityUnits.sum": "long",
"aws.dynamodb.metrics.ConsumedWriteCapacityUnits.avg": "double",
"aws.dynamodb.metrics.ConsumedWriteCapacityUnits.sum": "long",
"aws.dynamodb.metrics.MaxProvisionedTableReadCapacityUtilization.max": "double",
"aws.dynamodb.metrics.MaxProvisionedTableWriteCapacityUtilization.max": "double",
"aws.dynamodb.metrics.OnlineIndexPercentageProgress.avg": "double",
"aws.dynamodb.metrics.PendingReplicationCount.sum": "long",
"aws.dynamodb.metrics.ProvisionedReadCapacityUnits.avg": "double",
"aws.dynamodb.metrics.ProvisionedWriteCapacityUnits.avg": "double",
"aws.dynamodb.metrics.ReadThrottleEvents.sum": "long",
"aws.dynamodb.metrics.ReplicationLatency.avg": "double",
"aws.dynamodb.metrics.ReplicationLatency.max": "double",
"aws.dynamodb.metrics.SuccessfulRequestLatency.avg": "double",
"aws.dynamodb.metrics.SuccessfulRequestLatency.max": "double",
"aws.dynamodb.metrics.SystemErrors.sum": "long",
"aws.dynamodb.metrics.ThrottledRequests.sum": "long",
"aws.dynamodb.metrics.TransactionConflict.avg": "double",
"aws.dynamodb.metrics.TransactionConflict.sum": "long",
"aws.dynamodb.metrics.WriteThrottleEvents.sum": "long",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.account.name": "keyword",
"cloud.origin.availability_zone": "keyword",
"cloud.origin.instance.id": "keyword",
"cloud.origin.instance.name": "keyword",
"cloud.origin.machine.type": "keyword",
"cloud.origin.project.id": "keyword",
"cloud.origin.project.name": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"cloud.target.account.id": "keyword",
"cloud.target.account.name": "keyword",
"cloud.target.availability_zone": "keyword",
"cloud.target.instance.id": "keyword",
"cloud.target.instance.name": "keyword",
"cloud.target.machine.type": "keyword",
"cloud.target.project.id": "keyword",
"cloud.target.project.name": "keyword",
"cloud.target.provider": "keyword",
"cloud.target.region": "keyword",
"cloud.target.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"ebs": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.VolumeId": "keyword",
"aws.ebs.metrics.BurstBalance.avg": "double",
"aws.ebs.metrics.VolumeConsumedReadWriteOps.avg": "double",
"aws.ebs.metrics.VolumeIdleTime.sum": "double",
"aws.ebs.metrics.VolumeQueueLength.avg": "double",
"aws.ebs.metrics.VolumeReadBytes.avg": "double",
"aws.ebs.metrics.VolumeReadOps.avg": "double",
"aws.ebs.metrics.VolumeThroughputPercentage.avg": "double",
"aws.ebs.metrics.VolumeTotalReadTime.sum": "double",
"aws.ebs.metrics.VolumeTotalWriteTime.sum": "double",
"aws.ebs.metrics.VolumeWriteBytes.avg": "double",
"aws.ebs.metrics.VolumeWriteOps.avg": "double",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.account.name": "keyword",
"cloud.origin.availability_zone": "keyword",
"cloud.origin.instance.id": "keyword",
"cloud.origin.instance.name": "keyword",
"cloud.origin.machine.type": "keyword",
"cloud.origin.project.id": "keyword",
"cloud.origin.project.name": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"cloud.target.account.id": "keyword",
"cloud.target.account.name": "keyword",
"cloud.target.availability_zone": "keyword",
"cloud.target.instance.id": "keyword",
"cloud.target.instance.name": "keyword",
"cloud.target.machine.type": "keyword",
"cloud.target.project.id": "keyword",
"cloud.target.project.name": "keyword",
"cloud.target.provider": "keyword",
"cloud.target.region": "keyword",
"cloud.target.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"ec2_logs": {
"@timestamp": "date",
"aws.ec2.ip_address": "keyword",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "match_only_text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"message": "match_only_text",
"process.name": "keyword",
"tags": "keyword"
},
"ec2_metrics": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.AutoScalingGroupName": "keyword",
"aws.dimensions.ImageId": "keyword",
"aws.dimensions.InstanceId": "keyword",
"aws.dimensions.InstanceType": "keyword",
"aws.ec2.cpu.credit_balance": "long",
"aws.ec2.cpu.credit_usage": "long",
"aws.ec2.cpu.surplus_credit_balance": "long",
"aws.ec2.cpu.surplus_credits_charged": "long",
"aws.ec2.cpu.total.pct": "scaled_float",
"aws.ec2.diskio.read.bytes": "long",
"aws.ec2.diskio.read.bytes_per_sec": "long",
"aws.ec2.diskio.read.count": "long",
"aws.ec2.diskio.read.count_per_sec": "long",
"aws.ec2.diskio.write.bytes": "long",
"aws.ec2.diskio.write.bytes_per_sec": "long",
"aws.ec2.diskio.write.count": "long",
"aws.ec2.diskio.write.count_per_sec": "long",
"aws.ec2.instance.core.count": "integer",
"aws.ec2.instance.image.id": "keyword",
"aws.ec2.instance.monitoring.state": "keyword",
"aws.ec2.instance.private.dns_name": "keyword",
"aws.ec2.instance.private.ip": "ip",
"aws.ec2.instance.public.dns_name": "keyword",
"aws.ec2.instance.public.ip": "ip",
"aws.ec2.instance.state.code": "integer",
"aws.ec2.instance.state.name": "keyword",
"aws.ec2.instance.threads_per_core": "integer",
"aws.ec2.network.in.bytes": "long",
"aws.ec2.network.in.bytes_per_sec": "long",
"aws.ec2.network.in.packets": "long",
"aws.ec2.network.in.packets_per_sec": "long",
"aws.ec2.network.out.bytes": "long",
"aws.ec2.network.out.bytes_per_sec": "long",
"aws.ec2.network.out.packets": "long",
"aws.ec2.network.out.packets_per_sec": "long",
"aws.ec2.status.check_failed": "long",
"aws.ec2.status.check_failed_instance": "long",
"aws.ec2.status.check_failed_system": "long",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.account.name": "keyword",
"cloud.origin.availability_zone": "keyword",
"cloud.origin.instance.id": "keyword",
"cloud.origin.instance.name": "keyword",
"cloud.origin.machine.type": "keyword",
"cloud.origin.project.id": "keyword",
"cloud.origin.project.name": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"cloud.target.account.id": "keyword",
"cloud.target.account.name": "keyword",
"cloud.target.availability_zone": "keyword",
"cloud.target.instance.id": "keyword",
"cloud.target.instance.name": "keyword",
"cloud.target.machine.type": "keyword",
"cloud.target.project.id": "keyword",
"cloud.target.project.name": "keyword",
"cloud.target.provider": "keyword",
"cloud.target.region": "keyword",
"cloud.target.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.cpu.pct": "scaled_float",
"host.disk.read.bytes": "long",
"host.disk.write.bytes": "long",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.network.in.bytes": "long",
"host.network.in.packets": "long",
"host.network.out.bytes": "long",
"host.network.out.packets": "long",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"elb_logs": {
"@timestamp": "date",
"aws.elb.action_executed": "keyword",
"aws.elb.backend.http.response.status_code": "long",
"aws.elb.backend.ip": "keyword",
"aws.elb.backend.port": "keyword",
"aws.elb.backend_processing_time.sec": "float",
"aws.elb.chosen_cert.arn": "keyword",
"aws.elb.chosen_cert.serial": "keyword",
"aws.elb.classification": "keyword",
"aws.elb.classification_reason": "keyword",
"aws.elb.connection_time.ms": "long",
"aws.elb.error.reason": "keyword",
"aws.elb.incoming_tls_alert": "keyword",
"aws.elb.listener": "keyword",
"aws.elb.matched_rule_priority": "keyword",
"aws.elb.name": "keyword",
"aws.elb.protocol": "keyword",
"aws.elb.redirect_url": "keyword",
"aws.elb.request_processing_time.sec": "float",
"aws.elb.response_processing_time.sec": "float",
"aws.elb.ssl_cipher": "keyword",
"aws.elb.ssl_protocol": "keyword",
"aws.elb.target_group.arn": "keyword",
"aws.elb.target_port": "keyword",
"aws.elb.target_status_code": "keyword",
"aws.elb.tls_handshake_time.ms": "long",
"aws.elb.tls_named_group": "keyword",
"aws.elb.trace_id": "keyword",
"aws.elb.type": "keyword",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.bytes": "long",
"destination.domain": "keyword",
"ecs.version": "keyword",
"error.message": "match_only_text",
"event.category": "keyword",
"event.dataset": "constant_keyword",
"event.end": "date",
"event.kind": "keyword",
"event.module": "constant_keyword",
"event.outcome": "keyword",
"event.start": "date",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"http.request.body.bytes": "long",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.body.bytes": "long",
"http.response.status_code": "long",
"http.version": "keyword",
"source.address": "keyword",
"source.as.number": "long",
"source.as.organization.name": "keyword",
"source.geo.city_name": "keyword",
"source.geo.continent_name": "keyword",
"source.geo.country_iso_code": "keyword",
"source.geo.location": "geo_point",
"source.geo.region_name": "keyword",
"source.ip": "ip",
"source.port": "long",
"tags": "keyword",
"trace.id": "keyword",
"url.domain": "keyword",
"url.original": "wildcard",
"url.path": "wildcard",
"url.port": "long",
"url.scheme": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.version": "keyword"
},
"elb_metrics": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.applicationelb.metrics.ActiveConnectionCount.sum": "long",
"aws.applicationelb.metrics.ClientTLSNegotiationErrorCount.sum": "long",
"aws.applicationelb.metrics.ConsumedLCUs.avg": "double",
"aws.applicationelb.metrics.HTTPCode_ELB_3XX_Count.sum": "long",
"aws.applicationelb.metrics.HTTPCode_ELB_4XX_Count.sum": "long",
"aws.applicationelb.metrics.HTTPCode_ELB_500_Count.sum": "long",
"aws.applicationelb.metrics.HTTPCode_ELB_502_Count.sum": "long",
"aws.applicationelb.metrics.HTTPCode_ELB_503_Count.sum": "long",
"aws.applicationelb.metrics.HTTPCode_ELB_504_Count.sum": "long",
"aws.applicationelb.metrics.HTTPCode_ELB_5XX_Count.sum": "long",
"aws.applicationelb.metrics.HTTP_Fixed_Response_Count.sum": "long",
"aws.applicationelb.metrics.HTTP_Redirect_Count.sum": "long",
"aws.applicationelb.metrics.HTTP_Redirect_Url_Limit_Exceeded_Count.sum": "long",
"aws.applicationelb.metrics.IPv6ProcessedBytes.sum": "long",
"aws.applicationelb.metrics.IPv6RequestCount.sum": "long",
"aws.applicationelb.metrics.NewConnectionCount.sum": "long",
"aws.applicationelb.metrics.ProcessedBytes.sum": "long",
"aws.applicationelb.metrics.RejectedConnectionCount.sum": "long",
"aws.applicationelb.metrics.RequestCount.sum": "long",
"aws.applicationelb.metrics.RuleEvaluations.sum": "long",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.AvailabilityZone": "keyword",
"aws.dimensions.LoadBalancer": "keyword",
"aws.dimensions.LoadBalancerName": "keyword",
"aws.dimensions.TargetGroup": "keyword",
"aws.elb.metrics.BackendConnectionErrors.sum": "long",
"aws.elb.metrics.EstimatedALBActiveConnectionCount.avg": "double",
"aws.elb.metrics.EstimatedALBConsumedLCUs.avg": "double",
"aws.elb.metrics.EstimatedALBNewConnectionCount.avg": "double",
"aws.elb.metrics.EstimatedProcessedBytes.avg": "double",
"aws.elb.metrics.HTTPCode_Backend_2XX.sum": "long",
"aws.elb.metrics.HTTPCode_Backend_3XX.sum": "long",
"aws.elb.metrics.HTTPCode_Backend_4XX.sum": "long",
"aws.elb.metrics.HTTPCode_Backend_5XX.sum": "long",
"aws.elb.metrics.HTTPCode_ELB_4XX.sum": "long",
"aws.elb.metrics.HTTPCode_ELB_5XX.sum": "long",
"aws.elb.metrics.HealthyHostCount.max": "long",
"aws.elb.metrics.Latency.avg": "double",
"aws.elb.metrics.RequestCount.sum": "long",
"aws.elb.metrics.SpilloverCount.sum": "long",
"aws.elb.metrics.SurgeQueueLength.max": "long",
"aws.elb.metrics.UnHealthyHostCount.max": "long",
"aws.networkelb.metrics.ActiveFlowCount.avg": "double",
"aws.networkelb.metrics.ActiveFlowCount_TCP.avg": "double",
"aws.networkelb.metrics.ActiveFlowCount_TLS.avg": "double",
"aws.networkelb.metrics.ActiveFlowCount_UDP.avg": "double",
"aws.networkelb.metrics.ClientTLSNegotiationErrorCount.sum": "long",
"aws.networkelb.metrics.ConsumedLCUs.avg": "double",
"aws.networkelb.metrics.HealthyHostCount.max": "long",
"aws.networkelb.metrics.NewFlowCount.sum": "long",
"aws.networkelb.metrics.NewFlowCount_TLS.sum": "long",
"aws.networkelb.metrics.ProcessedBytes.sum": "long",
"aws.networkelb.metrics.ProcessedBytes_TLS.sum": "long",
"aws.networkelb.metrics.TCP_Client_Reset_Count.sum": "long",
"aws.networkelb.metrics.TCP_ELB_Reset_Count.sum": "long",
"aws.networkelb.metrics.TCP_Target_Reset_Count.sum": "long",
"aws.networkelb.metrics.TargetTLSNegotiationErrorCount.sum": "long",
"aws.networkelb.metrics.UnHealthyHostCount.max": "long",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.account.name": "keyword",
"cloud.origin.availability_zone": "keyword",
"cloud.origin.instance.id": "keyword",
"cloud.origin.instance.name": "keyword",
"cloud.origin.machine.type": "keyword",
"cloud.origin.project.id": "keyword",
"cloud.origin.project.name": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"cloud.target.account.id": "keyword",
"cloud.target.account.name": "keyword",
"cloud.target.availability_zone": "keyword",
"cloud.target.instance.id": "keyword",
"cloud.target.instance.name": "keyword",
"cloud.target.machine.type": "keyword",
"cloud.target.project.id": "keyword",
"cloud.target.project.name": "keyword",
"cloud.target.provider": "keyword",
"cloud.target.region": "keyword",
"cloud.target.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"firewall_logs": {
"@timestamp": "date",
"aws.firewall.flow.age": "long",
"aws.firewall.flow.bytes": "long",
"aws.firewall.flow.end": "date",
"aws.firewall.flow.id": "keyword",
"aws.firewall.flow.max_ttl": "short",
"aws.firewall.flow.min_ttl": "short",
"aws.firewall.flow.pkts": "long",
"aws.firewall.flow.start": "date",
"aws.firewall.tcp_flags": "keyword",
"aws.firewall.tcp_flags_array": "keyword",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.as.number": "long",
"destination.as.organization.name": "keyword",
"destination.bytes": "long",
"destination.domain": "keyword",
"destination.geo.city_name": "keyword",
"destination.geo.continent_name": "keyword",
"destination.geo.country_iso_code": "keyword",
"destination.geo.country_name": "keyword",
"destination.geo.location": "geo_point",
"destination.geo.name": "keyword",
"destination.geo.region_iso_code": "keyword",
"destination.geo.region_name": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"error.message": "match_only_text",
"event.action": "keyword",
"event.category": "keyword",
"event.created": "date",
"event.dataset": "constant_keyword",
"event.ingested": "date",
"event.kind": "keyword",
"event.module": "constant_keyword",
"event.original": "keyword",
"event.provider": "keyword",
"event.type": "keyword",
"group.id": "keyword",
"group.name": "keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"http.request.method": "keyword",
"http.version": "keyword",
"message": "match_only_text",
"network.community_id": "keyword",
"network.protocol": "keyword",
"network.transport": "keyword",
"network.type": "keyword",
"observer.name": "keyword",
"observer.product": "keyword",
"observer.type": "keyword",
"observer.vendor": "keyword",
"related.hosts": "keyword",
"related.ip": "ip",
"rule.category": "keyword",
"rule.id": "keyword",
"rule.name": "keyword",
"source.address": "keyword",
"source.as.number": "long",
"source.as.organization.name": "keyword",
"source.geo.city_name": "keyword",
"source.geo.continent_name": "keyword",
"source.geo.country_iso_code": "keyword",
"source.geo.country_name": "keyword",
"source.geo.location": "geo_point",
"source.geo.region_iso_code": "keyword",
"source.geo.region_name": "keyword",
"source.ip": "ip",
"source.port": "long",
"tags": "keyword",
"url.domain": "keyword",
"url.original": "wildcard",
"url.path": "wildcard",
"url.scheme": "keyword",
"user.changes.name": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user.target.id": "keyword",
"user.target.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"firewall_metrics": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.AvailabilityZone": "keyword",
"aws.dimensions.CustomAction": "keyword",
"aws.dimensions.Engine": "keyword",
"aws.dimensions.FirewallName": "keyword",
"aws.networkfirewall.DroppedPackets.sum": "long",
"aws.networkfirewall.Packets.sum": "long",
"aws.networkfirewall.PassedPackets.sum": "long",
"aws.networkfirewall.ReceivedPackets.sum": "long",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.account.name": "keyword",
"cloud.origin.availability_zone": "keyword",
"cloud.origin.instance.id": "keyword",
"cloud.origin.instance.name": "keyword",
"cloud.origin.machine.type": "keyword",
"cloud.origin.project.id": "keyword",
"cloud.origin.project.name": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"cloud.target.account.id": "keyword",
"cloud.target.account.name": "keyword",
"cloud.target.availability_zone": "keyword",
"cloud.target.instance.id": "keyword",
"cloud.target.instance.name": "keyword",
"cloud.target.machine.type": "keyword",
"cloud.target.project.id": "keyword",
"cloud.target.project.name": "keyword",
"cloud.target.provider": "keyword",
"cloud.target.region": "keyword",
"cloud.target.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"lambda": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.ExecutedVersion": "keyword",
"aws.dimensions.FunctionName": "keyword",
"aws.dimensions.Resource": "keyword",
"aws.lambda.metrics.ConcurrentExecutions.avg": "double",
"aws.lambda.metrics.DeadLetterErrors.avg": "double",
"aws.lambda.metrics.DestinationDeliveryFailures.avg": "double",
"aws.lambda.metrics.Duration.avg": "double",
"aws.lambda.metrics.Errors.avg": "double",
"aws.lambda.metrics.Invocations.avg": "double",
"aws.lambda.metrics.IteratorAge.avg": "double",
"aws.lambda.metrics.ProvisionedConcurrencyInvocations.sum": "long",
"aws.lambda.metrics.ProvisionedConcurrencySpilloverInvocations.sum": "long",
"aws.lambda.metrics.ProvisionedConcurrencyUtilization.max": "long",
"aws.lambda.metrics.ProvisionedConcurrentExecutions.max": "long",
"aws.lambda.metrics.Throttles.avg": "double",
"aws.lambda.metrics.UnreservedConcurrentExecutions.avg": "double",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.account.name": "keyword",
"cloud.origin.availability_zone": "keyword",
"cloud.origin.instance.id": "keyword",
"cloud.origin.instance.name": "keyword",
"cloud.origin.machine.type": "keyword",
"cloud.origin.project.id": "keyword",
"cloud.origin.project.name": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"cloud.target.account.id": "keyword",
"cloud.target.account.name": "keyword",
"cloud.target.availability_zone": "keyword",
"cloud.target.instance.id": "keyword",
"cloud.target.instance.name": "keyword",
"cloud.target.machine.type": "keyword",
"cloud.target.project.id": "keyword",
"cloud.target.project.name": "keyword",
"cloud.target.provider": "keyword",
"cloud.target.region": "keyword",
"cloud.target.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"natgateway": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.NatGatewayId": "keyword",
"aws.natgateway.metrics.ActiveConnectionCount.max": "long",
"aws.natgateway.metrics.BytesInFromDestination.sum": "long",
"aws.natgateway.metrics.BytesInFromSource.sum": "long",
"aws.natgateway.metrics.BytesOutToDestination.sum": "long",
"aws.natgateway.metrics.BytesOutToSource.sum": "long",
"aws.natgateway.metrics.ConnectionAttemptCount.sum": "long",
"aws.natgateway.metrics.ConnectionEstablishedCount.sum": "long",
"aws.natgateway.metrics.ErrorPortAllocation.sum": "long",
"aws.natgateway.metrics.IdleTimeoutCount.sum": "long",
"aws.natgateway.metrics.PacketsDropCount.sum": "long",
"aws.natgateway.metrics.PacketsInFromDestination.sum": "long",
"aws.natgateway.metrics.PacketsInFromSource.sum": "long",
"aws.natgateway.metrics.PacketsOutToDestination.sum": "long",
"aws.natgateway.metrics.PacketsOutToSource.sum": "long",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.account.name": "keyword",
"cloud.origin.availability_zone": "keyword",
"cloud.origin.instance.id": "keyword",
"cloud.origin.instance.name": "keyword",
"cloud.origin.machine.type": "keyword",
"cloud.origin.project.id": "keyword",
"cloud.origin.project.name": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"cloud.target.account.id": "keyword",
"cloud.target.account.name": "keyword",
"cloud.target.availability_zone": "keyword",
"cloud.target.instance.id": "keyword",
"cloud.target.instance.name": "keyword",
"cloud.target.machine.type": "keyword",
"cloud.target.project.id": "keyword",
"cloud.target.project.name": "keyword",
"cloud.target.provider": "keyword",
"cloud.target.region": "keyword",
"cloud.target.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"rds": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.DBClusterIdentifier": "keyword",
"aws.dimensions.DBClusterIdentifier,Role": "keyword",
"aws.dimensions.DBInstanceIdentifier": "keyword",
"aws.dimensions.DatabaseClass": "keyword",
"aws.dimensions.DbClusterIdentifier, EngineName": "keyword",
"aws.dimensions.EngineName": "keyword",
"aws.dimensions.SourceRegion": "keyword",
"aws.rds.aurora_bin_log_replica_lag": "long",
"aws.rds.aurora_global_db.data_transfer.bytes": "long",
"aws.rds.aurora_global_db.replicated_write_io.bytes": "long",
"aws.rds.aurora_global_db.replication_lag.ms": "long",
"aws.rds.aurora_replica.lag.ms": "long",
"aws.rds.aurora_replica.lag_max.ms": "long",
"aws.rds.aurora_replica.lag_min.ms": "long",
"aws.rds.aurora_volume_left_total.bytes": "long",
"aws.rds.backtrack_change_records.creation_rate": "long",
"aws.rds.backtrack_change_records.stored": "long",
"aws.rds.backtrack_window.actual": "long",
"aws.rds.backtrack_window.alert": "long",
"aws.rds.backup_storage_billed_total.bytes": "long",
"aws.rds.cache_hit_ratio.buffer": "long",
"aws.rds.cache_hit_ratio.result_set": "long",
"aws.rds.cpu.credit_balance": "long",
"aws.rds.cpu.credit_usage": "long",
"aws.rds.cpu.total.pct": "scaled_float",
"aws.rds.database_connections": "long",
"aws.rds.db_instance.arn": "keyword",
"aws.rds.db_instance.class": "keyword",
"aws.rds.db_instance.db_cluster_identifier": "keyword",
"aws.rds.db_instance.engine_name": "keyword",
"aws.rds.db_instance.identifier": "keyword",
"aws.rds.db_instance.role": "keyword",
"aws.rds.db_instance.status": "keyword",
"aws.rds.deadlocks": "long",
"aws.rds.disk_queue_depth": "float",
"aws.rds.disk_usage.bin_log.bytes": "long",
"aws.rds.disk_usage.replication_slot.mb": "long",
"aws.rds.disk_usage.transaction_logs.mb": "long",
"aws.rds.engine_uptime.sec": "long",
"aws.rds.failed_sql_server_agent_jobs": "long",
"aws.rds.free_local_storage.bytes": "long",
"aws.rds.free_storage.bytes": "long",
"aws.rds.freeable_memory.bytes": "long",
"aws.rds.latency.commit": "float",
"aws.rds.latency.ddl": "float",
"aws.rds.latency.delete": "float",
"aws.rds.latency.dml": "float",
"aws.rds.latency.insert": "float",
"aws.rds.latency.read": "float",
"aws.rds.latency.select": "float",
"aws.rds.latency.update": "float",
"aws.rds.latency.write": "float",
"aws.rds.login_failures": "long",
"aws.rds.maximum_used_transaction_ids": "long",
"aws.rds.oldest_replication_slot_lag.mb": "long",
"aws.rds.queries": "long",
"aws.rds.rds_to_aurora_postgresql_replica_lag.sec": "long",
"aws.rds.read_io.ops_per_sec": "float",
"aws.rds.replica_lag.sec": "long",
"aws.rds.storage_used.backup_retention_period.bytes": "long",
"aws.rds.storage_used.snapshot.bytes": "long",
"aws.rds.swap_usage.bytes": "long",
"aws.rds.throughput.commit": "float",
"aws.rds.throughput.ddl": "float",
"aws.rds.throughput.delete": "float",
"aws.rds.throughput.dml": "float",
"aws.rds.throughput.insert": "float",
"aws.rds.throughput.network": "float",
"aws.rds.throughput.network_receive": "float",
"aws.rds.throughput.network_transmit": "float",
"aws.rds.throughput.read": "float",
"aws.rds.throughput.select": "float",
"aws.rds.throughput.update": "float",
"aws.rds.throughput.write": "float",
"aws.rds.transaction_logs_generation": "long",
"aws.rds.transactions.active": "long",
"aws.rds.transactions.blocked": "long",
"aws.rds.volume.read.iops": "long",
"aws.rds.volume.write.iops": "long",
"aws.rds.volume_used.bytes": "long",
"aws.rds.write_io.ops_per_sec": "float",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.account.name": "keyword",
"cloud.origin.availability_zone": "keyword",
"cloud.origin.instance.id": "keyword",
"cloud.origin.instance.name": "keyword",
"cloud.origin.machine.type": "keyword",
"cloud.origin.project.id": "keyword",
"cloud.origin.project.name": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"cloud.target.account.id": "keyword",
"cloud.target.account.name": "keyword",
"cloud.target.availability_zone": "keyword",
"cloud.target.instance.id": "keyword",
"cloud.target.instance.name": "keyword",
"cloud.target.machine.type": "keyword",
"cloud.target.project.id": "keyword",
"cloud.target.project.name": "keyword",
"cloud.target.provider": "keyword",
"cloud.target.region": "keyword",
"cloud.target.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"route53_public_logs": {
"@timestamp": "date",
"aws.edge_location": "alias",
"aws.route53.edge_location": "keyword",
"aws.route53.edns_client_subnet": "keyword",
"aws.route53.hosted_zone_id": "keyword",
"awscloudwatch.ingestion_time": "date",
"awscloudwatch.log_group": "keyword",
"awscloudwatch.log_stream": "keyword",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"dns.question.name": "keyword",
"dns.question.registered_domain": "keyword",
"dns.question.subdomain": "keyword",
"dns.question.top_level_domain": "keyword",
"dns.question.type": "keyword",
"dns.response_code": "keyword",
"ecs.version": "keyword",
"error.message": "match_only_text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"input.type": "keyword",
"log.file.path": "keyword",
"message": "match_only_text",
"network.iana_number": "keyword",
"network.protocol": "keyword",
"network.transport": "keyword",
"network.type": "keyword",
"related.hosts": "keyword",
"related.ip": "ip",
"source.address": "keyword",
"source.as.number": "long",
"source.as.organization.name": "keyword",
"source.geo.city_name": "keyword",
"source.geo.continent_name": "keyword",
"source.geo.country_iso_code": "keyword",
"source.geo.country_name": "keyword",
"source.geo.location": "geo_point",
"source.geo.region_iso_code": "keyword",
"source.geo.region_name": "keyword",
"source.ip": "ip",
"tags": "keyword"
},
"route53_resolver_logs": {
"@timestamp": "date",
"aws.instance_id": "keyword",
"aws.route53.firewall.action": "keyword",
"aws.route53.firewall.domain_list.id": "keyword",
"aws.route53.firewall.rule_group.id": "keyword",
"aws.vpc_id": "keyword",
"awscloudwatch.ingestion_time": "date",
"awscloudwatch.log_group": "keyword",
"awscloudwatch.log_stream": "keyword",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"dns.answers": "object",
"dns.question.class": "keyword",
"dns.question.name": "keyword",
"dns.question.registered_domain": "keyword",
"dns.question.subdomain": "keyword",
"dns.question.top_level_domain": "keyword",
"dns.question.type": "keyword",
"dns.response_code": "keyword",
"ecs.version": "keyword",
"error.message": "match_only_text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"input.type": "keyword",
"log.file.path": "keyword",
"message": "match_only_text",
"network.iana_number": "keyword",
"network.protocol": "keyword",
"network.transport": "keyword",
"network.type": "keyword",
"related.hosts": "keyword",
"related.ip": "ip",
"source.address": "keyword",
"source.as.number": "long",
"source.as.organization.name": "keyword",
"source.geo.city_name": "keyword",
"source.geo.continent_name": "keyword",
"source.geo.country_iso_code": "keyword",
"source.geo.country_name": "keyword",
"source.geo.location": "geo_point",
"source.geo.region_iso_code": "keyword",
"source.geo.region_name": "keyword",
"source.ip": "ip",
"source.port": "long",
"tags": "keyword"
},
"s3_daily_storage": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.dimensions.*": "object",
"aws.dimensions.BucketName": "keyword",
"aws.dimensions.FilterId": "keyword",
"aws.dimensions.StorageType": "keyword",
"aws.s3.bucket.name": "keyword",
"aws.s3_daily_storage.bucket.size.bytes": "long",
"aws.s3_daily_storage.number_of_objects": "long",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.account.name": "keyword",
"cloud.origin.availability_zone": "keyword",
"cloud.origin.instance.id": "keyword",
"cloud.origin.instance.name": "keyword",
"cloud.origin.machine.type": "keyword",
"cloud.origin.project.id": "keyword",
"cloud.origin.project.name": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"cloud.target.account.id": "keyword",
"cloud.target.account.name": "keyword",
"cloud.target.availability_zone": "keyword",
"cloud.target.instance.id": "keyword",
"cloud.target.instance.name": "keyword",
"cloud.target.machine.type": "keyword",
"cloud.target.project.id": "keyword",
"cloud.target.project.name": "keyword",
"cloud.target.provider": "keyword",
"cloud.target.region": "keyword",
"cloud.target.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"s3_request": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.dimensions.*": "object",
"aws.dimensions.BucketName": "keyword",
"aws.dimensions.FilterId": "keyword",
"aws.dimensions.StorageType": "keyword",
"aws.s3.bucket.name": "keyword",
"aws.s3_request.downloaded.bytes": "long",
"aws.s3_request.errors.4xx": "long",
"aws.s3_request.errors.5xx": "long",
"aws.s3_request.latency.first_byte.ms": "long",
"aws.s3_request.latency.total_request.ms": "long",
"aws.s3_request.requests.delete": "long",
"aws.s3_request.requests.get": "long",
"aws.s3_request.requests.head": "long",
"aws.s3_request.requests.list": "long",
"aws.s3_request.requests.post": "long",
"aws.s3_request.requests.put": "long",
"aws.s3_request.requests.select": "long",
"aws.s3_request.requests.select_returned.bytes": "long",
"aws.s3_request.requests.select_scanned.bytes": "long",
"aws.s3_request.requests.total": "long",
"aws.s3_request.uploaded.bytes": "long",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.account.name": "keyword",
"cloud.origin.availability_zone": "keyword",
"cloud.origin.instance.id": "keyword",
"cloud.origin.instance.name": "keyword",
"cloud.origin.machine.type": "keyword",
"cloud.origin.project.id": "keyword",
"cloud.origin.project.name": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"cloud.target.account.id": "keyword",
"cloud.target.account.name": "keyword",
"cloud.target.availability_zone": "keyword",
"cloud.target.instance.id": "keyword",
"cloud.target.instance.name": "keyword",
"cloud.target.machine.type": "keyword",
"cloud.target.project.id": "keyword",
"cloud.target.project.name": "keyword",
"cloud.target.provider": "keyword",
"cloud.target.region": "keyword",
"cloud.target.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"s3_storage_lens": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.s3.bucket.name": "keyword",
"aws.s3_storage_lens.metrics.4xxErrors.avg": "long",
"aws.s3_storage_lens.metrics.5xxErrors.avg": "long",
"aws.s3_storage_lens.metrics.AllRequests.avg": "long",
"aws.s3_storage_lens.metrics.BytesDownloaded.avg": "long",
"aws.s3_storage_lens.metrics.BytesUploaded.avg": "long",
"aws.s3_storage_lens.metrics.CurrentVersionObjectCount.avg": "long",
"aws.s3_storage_lens.metrics.CurrentVersionStorageBytes.avg": "long",
"aws.s3_storage_lens.metrics.DeleteMarkerObjectCount.avg": "long",
"aws.s3_storage_lens.metrics.DeleteRequests.avg": "long",
"aws.s3_storage_lens.metrics.EncryptedObjectCount.avg": "long",
"aws.s3_storage_lens.metrics.EncryptedStorageBytes.avg": "long",
"aws.s3_storage_lens.metrics.GetRequests.avg": "long",
"aws.s3_storage_lens.metrics.HeadRequests.avg": "long",
"aws.s3_storage_lens.metrics.IncompleteMultipartUploadObjectCount.avg": "long",
"aws.s3_storage_lens.metrics.IncompleteMultipartUploadStorageBytes.avg": "long",
"aws.s3_storage_lens.metrics.ListRequests.avg": "long",
"aws.s3_storage_lens.metrics.NonCurrentVersionObjectCount.avg": "long",
"aws.s3_storage_lens.metrics.NonCurrentVersionStorageBytes.avg": "long",
"aws.s3_storage_lens.metrics.ObjectCount.avg": "long",
"aws.s3_storage_lens.metrics.ObjectLockEnabledObjectCount.avg": "long",
"aws.s3_storage_lens.metrics.ObjectLockEnabledStorageBytes.avg": "long",
"aws.s3_storage_lens.metrics.PostRequests.avg": "long",
"aws.s3_storage_lens.metrics.PutRequests.avg": "long",
"aws.s3_storage_lens.metrics.ReplicatedObjectCount.avg": "long",
"aws.s3_storage_lens.metrics.ReplicatedStorageBytes.avg": "long",
"aws.s3_storage_lens.metrics.SelectRequests.avg": "long",
"aws.s3_storage_lens.metrics.SelectReturnedBytes.avg": "long",
"aws.s3_storage_lens.metrics.SelectScannedBytes.avg": "long",
"aws.s3_storage_lens.metrics.StorageBytes.avg": "long",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.account.name": "keyword",
"cloud.origin.availability_zone": "keyword",
"cloud.origin.instance.id": "keyword",
"cloud.origin.instance.name": "keyword",
"cloud.origin.machine.type": "keyword",
"cloud.origin.project.id": "keyword",
"cloud.origin.project.name": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"cloud.target.account.id": "keyword",
"cloud.target.account.name": "keyword",
"cloud.target.availability_zone": "keyword",
"cloud.target.instance.id": "keyword",
"cloud.target.instance.name": "keyword",
"cloud.target.machine.type": "keyword",
"cloud.target.project.id": "keyword",
"cloud.target.project.name": "keyword",
"cloud.target.provider": "keyword",
"cloud.target.region": "keyword",
"cloud.target.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"s3access": {
"@timestamp": "date",
"aws.s3access.authentication_type": "keyword",
"aws.s3access.bucket": "keyword",
"aws.s3access.bucket_owner": "keyword",
"aws.s3access.bytes_sent": "long",
"aws.s3access.cipher_suite": "keyword",
"aws.s3access.error_code": "keyword",
"aws.s3access.host_header": "keyword",
"aws.s3access.host_id": "keyword",
"aws.s3access.http_status": "long",
"aws.s3access.key": "keyword",
"aws.s3access.object_size": "long",
"aws.s3access.operation": "keyword",
"aws.s3access.referrer": "keyword",
"aws.s3access.remote_ip": "ip",
"aws.s3access.request_id": "keyword",
"aws.s3access.request_uri": "keyword",
"aws.s3access.requester": "keyword",
"aws.s3access.signature_version": "keyword",
"aws.s3access.tls_version": "keyword",
"aws.s3access.total_time": "long",
"aws.s3access.turn_around_time": "long",
"aws.s3access.user_agent": "keyword",
"aws.s3access.version_id": "keyword",
"client.address": "keyword",
"client.ip": "ip",
"client.user.id": "keyword",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "match_only_text",
"event.action": "keyword",
"event.code": "keyword",
"event.dataset": "constant_keyword",
"event.duration": "long",
"event.id": "keyword",
"event.kind": "keyword",
"event.module": "constant_keyword",
"event.outcome": "keyword",
"geo.city_name": "keyword",
"geo.continent_name": "keyword",
"geo.country_iso_code": "keyword",
"geo.country_name": "keyword",
"geo.location": "geo_point",
"geo.region_iso_code": "keyword",
"geo.region_name": "keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.body.bytes": "long",
"http.response.status_code": "long",
"http.version": "keyword",
"related.ip": "ip",
"related.user": "keyword",
"tags": "keyword",
"tls.cipher": "keyword",
"tls.version": "keyword",
"tls.version_protocol": "keyword",
"url.domain": "keyword",
"url.extension": "keyword",
"url.original": "wildcard",
"url.path": "wildcard",
"url.query": "keyword",
"url.scheme": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"sns": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.Application": "keyword",
"aws.dimensions.Application,Platform": "keyword",
"aws.dimensions.Country": "keyword",
"aws.dimensions.Platform": "keyword",
"aws.dimensions.SMSType": "keyword",
"aws.dimensions.TopicName": "keyword",
"aws.s3.bucket.name": "keyword",
"aws.sns.metrics.NumberOfMessagesPublished.sum": "long",
"aws.sns.metrics.NumberOfNotificationsDelivered.sum": "long",
"aws.sns.metrics.NumberOfNotificationsFailed.sum": "long",
"aws.sns.metrics.NumberOfNotificationsFailedToRedriveToDlq.sum": "long",
"aws.sns.metrics.NumberOfNotificationsFilteredOut-InvalidAttributes.sum": "long",
"aws.sns.metrics.NumberOfNotificationsFilteredOut-NoMessageAttributes.sum": "long",
"aws.sns.metrics.NumberOfNotificationsFilteredOut.sum": "long",
"aws.sns.metrics.NumberOfNotificationsRedrivenToDlq.sum": "long",
"aws.sns.metrics.PublishSize.avg": "double",
"aws.sns.metrics.SMSMonthToDateSpentUSD.sum": "long",
"aws.sns.metrics.SMSSuccessRate.avg": "double",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.account.name": "keyword",
"cloud.origin.availability_zone": "keyword",
"cloud.origin.instance.id": "keyword",
"cloud.origin.instance.name": "keyword",
"cloud.origin.machine.type": "keyword",
"cloud.origin.project.id": "keyword",
"cloud.origin.project.name": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"cloud.target.account.id": "keyword",
"cloud.target.account.name": "keyword",
"cloud.target.availability_zone": "keyword",
"cloud.target.instance.id": "keyword",
"cloud.target.instance.name": "keyword",
"cloud.target.machine.type": "keyword",
"cloud.target.project.id": "keyword",
"cloud.target.project.name": "keyword",
"cloud.target.provider": "keyword",
"cloud.target.region": "keyword",
"cloud.target.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"sqs": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.QueueName": "keyword",
"aws.s3.bucket.name": "keyword",
"aws.sqs.empty_receives": "long",
"aws.sqs.messages.delayed": "long",
"aws.sqs.messages.deleted": "long",
"aws.sqs.messages.not_visible": "long",
"aws.sqs.messages.received": "long",
"aws.sqs.messages.sent": "long",
"aws.sqs.messages.visible": "long",
"aws.sqs.oldest_message_age.sec": "long",
"aws.sqs.queue.name": "keyword",
"aws.sqs.sent_message_size.bytes": "long",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.account.name": "keyword",
"cloud.origin.availability_zone": "keyword",
"cloud.origin.instance.id": "keyword",
"cloud.origin.instance.name": "keyword",
"cloud.origin.machine.type": "keyword",
"cloud.origin.project.id": "keyword",
"cloud.origin.project.name": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"cloud.target.account.id": "keyword",
"cloud.target.account.name": "keyword",
"cloud.target.availability_zone": "keyword",
"cloud.target.instance.id": "keyword",
"cloud.target.instance.name": "keyword",
"cloud.target.machine.type": "keyword",
"cloud.target.project.id": "keyword",
"cloud.target.project.name": "keyword",
"cloud.target.provider": "keyword",
"cloud.target.region": "keyword",
"cloud.target.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"transitgateway": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.TransitGateway": "keyword",
"aws.dimensions.TransitGatewayAttachment": "keyword",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"aws.transitgateway.metrics.BytesIn.sum": "long",
"aws.transitgateway.metrics.BytesOut.sum": "long",
"aws.transitgateway.metrics.PacketDropCountBlackhole.sum": "long",
"aws.transitgateway.metrics.PacketDropCountNoRoute.sum": "long",
"aws.transitgateway.metrics.PacketsIn.sum": "long",
"aws.transitgateway.metrics.PacketsOut.sum": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.account.name": "keyword",
"cloud.origin.availability_zone": "keyword",
"cloud.origin.instance.id": "keyword",
"cloud.origin.instance.name": "keyword",
"cloud.origin.machine.type": "keyword",
"cloud.origin.project.id": "keyword",
"cloud.origin.project.name": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"cloud.target.account.id": "keyword",
"cloud.target.account.name": "keyword",
"cloud.target.availability_zone": "keyword",
"cloud.target.instance.id": "keyword",
"cloud.target.instance.name": "keyword",
"cloud.target.machine.type": "keyword",
"cloud.target.project.id": "keyword",
"cloud.target.project.name": "keyword",
"cloud.target.provider": "keyword",
"cloud.target.region": "keyword",
"cloud.target.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"usage": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.Class": "keyword",
"aws.dimensions.Resource": "keyword",
"aws.dimensions.Service": "keyword",
"aws.dimensions.Type": "keyword",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"aws.usage.metrics.CallCount.sum": "long",
"aws.usage.metrics.ResourceCount.sum": "long",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.account.name": "keyword",
"cloud.origin.availability_zone": "keyword",
"cloud.origin.instance.id": "keyword",
"cloud.origin.instance.name": "keyword",
"cloud.origin.machine.type": "keyword",
"cloud.origin.project.id": "keyword",
"cloud.origin.project.name": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"cloud.target.account.id": "keyword",
"cloud.target.account.name": "keyword",
"cloud.target.availability_zone": "keyword",
"cloud.target.instance.id": "keyword",
"cloud.target.instance.name": "keyword",
"cloud.target.machine.type": "keyword",
"cloud.target.project.id": "keyword",
"cloud.target.project.name": "keyword",
"cloud.target.provider": "keyword",
"cloud.target.region": "keyword",
"cloud.target.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"vpcflow": {
"@timestamp": "date",
"aws.vpcflow.account_id": "keyword",
"aws.vpcflow.action": "keyword",
"aws.vpcflow.instance_id": "keyword",
"aws.vpcflow.interface_id": "keyword",
"aws.vpcflow.log_status": "keyword",
"aws.vpcflow.pkt_dstaddr": "ip",
"aws.vpcflow.pkt_srcaddr": "ip",
"aws.vpcflow.subnet_id": "keyword",
"aws.vpcflow.tcp_flags": "keyword",
"aws.vpcflow.tcp_flags_array": "keyword",
"aws.vpcflow.type": "keyword",
"aws.vpcflow.version": "keyword",
"aws.vpcflow.vpc_id": "keyword",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.as.number": "long",
"destination.as.organization.name": "keyword",
"destination.geo.city_name": "keyword",
"destination.geo.continent_name": "keyword",
"destination.geo.country_iso_code": "keyword",
"destination.geo.country_name": "keyword",
"destination.geo.location": "geo_point",
"destination.geo.region_iso_code": "keyword",
"destination.geo.region_name": "keyword",
"destination.ip": "ip",
"destination.port": "long",
"ecs.version": "keyword",
"error.message": "match_only_text",
"event.category": "keyword",
"event.dataset": "constant_keyword",
"event.end": "date",
"event.kind": "keyword",
"event.module": "constant_keyword",
"event.original": "keyword",
"event.outcome": "keyword",
"event.start": "date",
"event.type": "keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"network.bytes": "long",
"network.community_id": "keyword",
"network.iana_number": "keyword",
"network.packets": "long",
"network.transport": "keyword",
"network.type": "keyword",
"related.ip": "ip",
"source.address": "keyword",
"source.as.number": "long",
"source.as.organization.name": "keyword",
"source.bytes": "long",
"source.geo.city_name": "keyword",
"source.geo.continent_name": "keyword",
"source.geo.country_iso_code": "keyword",
"source.geo.country_name": "keyword",
"source.geo.location": "geo_point",
"source.geo.region_iso_code": "keyword",
"source.geo.region_name": "keyword",
"source.ip": "ip",
"source.packets": "long",
"source.port": "long",
"tags": "keyword"
},
"vpn": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.TunnelIpAddress": "keyword",
"aws.dimensions.VpnId": "keyword",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"aws.vpn.metrics.TunnelDataIn.sum": "double",
"aws.vpn.metrics.TunnelDataOut.sum": "double",
"aws.vpn.metrics.TunnelState.avg": "double",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.account.name": "keyword",
"cloud.origin.availability_zone": "keyword",
"cloud.origin.instance.id": "keyword",
"cloud.origin.instance.name": "keyword",
"cloud.origin.machine.type": "keyword",
"cloud.origin.project.id": "keyword",
"cloud.origin.project.name": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"cloud.target.account.id": "keyword",
"cloud.target.account.name": "keyword",
"cloud.target.availability_zone": "keyword",
"cloud.target.instance.id": "keyword",
"cloud.target.instance.name": "keyword",
"cloud.target.machine.type": "keyword",
"cloud.target.project.id": "keyword",
"cloud.target.project.name": "keyword",
"cloud.target.provider": "keyword",
"cloud.target.region": "keyword",
"cloud.target.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"waf": {
"@timestamp": "date",
"aws.waf.arn": "keyword",
"aws.waf.id": "keyword",
"aws.waf.non_terminating_matching_rules": "nested",
"aws.waf.rate_based_rule_list": "nested",
"aws.waf.request.headers": "flattened",
"aws.waf.rule_group_list": "nested",
"aws.waf.source.id": "keyword",
"aws.waf.source.name": "keyword",
"aws.waf.terminating_rule_match_details": "nested",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "match_only_text",
"event.action": "keyword",
"event.dataset": "constant_keyword",
"event.id": "keyword",
"event.kind": "keyword",
"event.module": "constant_keyword",
"event.outcome": "keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"http.request.id": "keyword",
"http.request.method": "keyword",
"http.version": "keyword",
"network.protocol": "keyword",
"network.transport": "keyword",
"related.ip": "ip",
"rule.id": "keyword",
"rule.ruleset": "keyword",
"source.address": "keyword",
"source.as.number": "long",
"source.as.organization.name": "keyword",
"source.geo.city_name": "keyword",
"source.geo.continent_name": "keyword",
"source.geo.country_iso_code": "keyword",
"source.geo.country_name": "keyword",
"source.geo.location": "geo_point",
"source.geo.region_iso_code": "keyword",
"source.geo.region_name": "keyword",
"source.ip": "ip",
"tags": "keyword",
"url.path": "wildcard",
"url.query": "keyword"
}
},
"1.13.0": {
"billing": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.billing.AmortizedCost.amount": "double",
"aws.billing.AmortizedCost.unit": "keyword",
"aws.billing.BlendedCost.amount": "double",
"aws.billing.BlendedCost.unit": "keyword",
"aws.billing.Currency": "keyword",
"aws.billing.EstimatedCharges": "long",
"aws.billing.NormalizedUsageAmount.amount": "double",
"aws.billing.NormalizedUsageAmount.unit": "keyword",
"aws.billing.ServiceName": "keyword",
"aws.billing.UnblendedCost.amount": "double",
"aws.billing.UnblendedCost.unit": "keyword",
"aws.billing.UsageQuantity.amount": "double",
"aws.billing.UsageQuantity.unit": "keyword",
"aws.billing.end_date": "keyword",
"aws.billing.group_by": "object",
"aws.billing.group_definition.key": "keyword",
"aws.billing.group_definition.type": "keyword",
"aws.billing.start_date": "keyword",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.linked_account.id": "keyword",
"aws.linked_account.name": "keyword",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.account.name": "keyword",
"cloud.origin.availability_zone": "keyword",
"cloud.origin.instance.id": "keyword",
"cloud.origin.instance.name": "keyword",
"cloud.origin.machine.type": "keyword",
"cloud.origin.project.id": "keyword",
"cloud.origin.project.name": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"cloud.target.account.id": "keyword",
"cloud.target.account.name": "keyword",
"cloud.target.availability_zone": "keyword",
"cloud.target.instance.id": "keyword",
"cloud.target.instance.name": "keyword",
"cloud.target.machine.type": "keyword",
"cloud.target.project.id": "keyword",
"cloud.target.project.name": "keyword",
"cloud.target.provider": "keyword",
"cloud.target.region": "keyword",
"cloud.target.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"cloudfront_logs": {
"@timestamp": "date",
"aws.cloudfront.content_type": "keyword",
"aws.cloudfront.domain": "keyword",
"aws.cloudfront.edge_detailed_result_type": "keyword",
"aws.cloudfront.edge_location": "keyword",
"aws.cloudfront.edge_response_result_type": "keyword",
"aws.cloudfront.edge_result_type": "keyword",
"aws.cloudfront.time_to_first_byte": "float",
"aws.edge_location": "alias",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"destination.address": "keyword",
"destination.domain": "keyword",
"ecs.version": "keyword",
"error.message": "match_only_text",
"event.dataset": "constant_keyword",
"event.duration": "long",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"http.request.bytes": "long",
"http.request.id": "keyword",
"http.request.method": "keyword",
"http.request.referrer": "keyword",
"http.response.body.bytes": "long",
"http.response.bytes": "long",
"http.response.status_code": "long",
"http.version": "keyword",
"network.protocol": "keyword",
"network.type": "keyword",
"related.hosts": "keyword",
"related.ip": "ip",
"source.address": "keyword",
"source.as.number": "long",
"source.as.organization.name": "keyword",
"source.geo.city_name": "keyword",
"source.geo.continent_name": "keyword",
"source.geo.country_iso_code": "keyword",
"source.geo.country_name": "keyword",
"source.geo.location": "geo_point",
"source.geo.region_iso_code": "keyword",
"source.geo.region_name": "keyword",
"source.ip": "ip",
"source.port": "long",
"tags": "keyword",
"tls.cipher": "keyword",
"tls.version": "keyword",
"tls.version_protocol": "keyword",
"url.domain": "keyword",
"url.extension": "keyword",
"url.full": "wildcard",
"url.original": "wildcard",
"url.path": "wildcard",
"url.query": "keyword",
"url.registered_domain": "keyword",
"url.scheme": "keyword",
"url.subdomain": "keyword",
"url.top_level_domain": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"cloudtrail": {
"@timestamp": "date",
"aws.cloudtrail.additional_eventdata": "keyword",
"aws.cloudtrail.api_version": "keyword",
"aws.cloudtrail.console_login.additional_eventdata.login_to": "keyword",
"aws.cloudtrail.console_login.additional_eventdata.mfa_used": "boolean",
"aws.cloudtrail.console_login.additional_eventdata.mobile_version": "boolean",
"aws.cloudtrail.error_code": "keyword",
"aws.cloudtrail.error_message": "keyword",
"aws.cloudtrail.event_category": "keyword",
"aws.cloudtrail.event_type": "keyword",
"aws.cloudtrail.event_version": "keyword",
"aws.cloudtrail.flattened.additional_eventdata": "flattened",
"aws.cloudtrail.flattened.digest": "flattened",
"aws.cloudtrail.flattened.insight_details": "flattened",
"aws.cloudtrail.flattened.request_parameters": "flattened",
"aws.cloudtrail.flattened.response_elements": "flattened",
"aws.cloudtrail.flattened.service_event_details": "flattened",
"aws.cloudtrail.management_event": "keyword",
"aws.cloudtrail.read_only": "boolean",
"aws.cloudtrail.recipient_account_id": "keyword",
"aws.cloudtrail.request_id": "keyword",
"aws.cloudtrail.request_parameters": "keyword",
"aws.cloudtrail.resources.account_id": "keyword",
"aws.cloudtrail.resources.arn": "keyword",
"aws.cloudtrail.resources.type": "keyword",
"aws.cloudtrail.response_elements": "keyword",
"aws.cloudtrail.service_event_details": "keyword",
"aws.cloudtrail.shared_event_id": "keyword",
"aws.cloudtrail.user_identity.access_key_id": "keyword",
"aws.cloudtrail.user_identity.arn": "keyword",
"aws.cloudtrail.user_identity.invoked_by": "keyword",
"aws.cloudtrail.user_identity.session_context.creation_date": "date",
"aws.cloudtrail.user_identity.session_context.mfa_authenticated": "keyword",
"aws.cloudtrail.user_identity.session_context.session_issuer.account_id": "keyword",
"aws.cloudtrail.user_identity.session_context.session_issuer.arn": "keyword",
"aws.cloudtrail.user_identity.session_context.session_issuer.principal_id": "keyword",
"aws.cloudtrail.user_identity.session_context.session_issuer.type": "keyword",
"aws.cloudtrail.user_identity.type": "keyword",
"aws.cloudtrail.vpc_endpoint_id": "keyword",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "match_only_text",
"event.action": "keyword",
"event.created": "date",
"event.dataset": "constant_keyword",
"event.ingested": "date",
"event.kind": "keyword",
"event.module": "constant_keyword",
"event.original": "keyword",
"event.provider": "keyword",
"event.type": "keyword",
"file.hash.md5": "keyword",
"file.hash.sha1": "keyword",
"file.hash.sha256": "keyword",
"file.hash.sha512": "keyword",
"file.path": "keyword",
"group.id": "keyword",
"group.name": "keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"related.hash": "keyword",
"related.user": "keyword",
"source.address": "keyword",
"source.as.number": "long",
"source.as.organization.name": "keyword",
"source.geo.city_name": "keyword",
"source.geo.continent_name": "keyword",
"source.geo.country_iso_code": "keyword",
"source.geo.country_name": "keyword",
"source.geo.location": "geo_point",
"source.geo.region_iso_code": "keyword",
"source.geo.region_name": "keyword",
"source.ip": "ip",
"tags": "keyword",
"user.changes.name": "keyword",
"user.id": "keyword",
"user.name": "keyword",
"user.target.id": "keyword",
"user.target.name": "keyword",
"user_agent.device.name": "keyword",
"user_agent.name": "keyword",
"user_agent.original": "keyword",
"user_agent.os.full": "keyword",
"user_agent.os.name": "keyword",
"user_agent.os.version": "keyword",
"user_agent.version": "keyword"
},
"cloudwatch_logs": {
"@timestamp": "date",
"aws.cloudwatch.message": "text",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "match_only_text",
"event.dataset": "constant_keyword",
"event.ingested": "date",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"message": "match_only_text",
"tags": "keyword"
},
"cloudwatch_metrics": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.account.name": "keyword",
"cloud.origin.availability_zone": "keyword",
"cloud.origin.instance.id": "keyword",
"cloud.origin.instance.name": "keyword",
"cloud.origin.machine.type": "keyword",
"cloud.origin.project.id": "keyword",
"cloud.origin.project.name": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"cloud.target.account.id": "keyword",
"cloud.target.account.name": "keyword",
"cloud.target.availability_zone": "keyword",
"cloud.target.instance.id": "keyword",
"cloud.target.instance.name": "keyword",
"cloud.target.machine.type": "keyword",
"cloud.target.project.id": "keyword",
"cloud.target.project.name": "keyword",
"cloud.target.provider": "keyword",
"cloud.target.region": "keyword",
"cloud.target.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"dynamodb": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dynamodb.metrics.AccountMaxReads.max": "long",
"aws.dynamodb.metrics.AccountMaxTableLevelReads.max": "long",
"aws.dynamodb.metrics.AccountMaxTableLevelWrites.max": "long",
"aws.dynamodb.metrics.AccountMaxWrites.max": "long",
"aws.dynamodb.metrics.AccountProvisionedReadCapacityUtilization.avg": "double",
"aws.dynamodb.metrics.AccountProvisionedWriteCapacityUtilization.avg": "double",
"aws.dynamodb.metrics.ConditionalCheckFailedRequests.sum": "long",
"aws.dynamodb.metrics.ConsumedReadCapacityUnits.avg": "double",
"aws.dynamodb.metrics.ConsumedReadCapacityUnits.sum": "long",
"aws.dynamodb.metrics.ConsumedWriteCapacityUnits.avg": "double",
"aws.dynamodb.metrics.ConsumedWriteCapacityUnits.sum": "long",
"aws.dynamodb.metrics.MaxProvisionedTableReadCapacityUtilization.max": "double",
"aws.dynamodb.metrics.MaxProvisionedTableWriteCapacityUtilization.max": "double",
"aws.dynamodb.metrics.OnlineIndexPercentageProgress.avg": "double",
"aws.dynamodb.metrics.PendingReplicationCount.sum": "long",
"aws.dynamodb.metrics.ProvisionedReadCapacityUnits.avg": "double",
"aws.dynamodb.metrics.ProvisionedWriteCapacityUnits.avg": "double",
"aws.dynamodb.metrics.ReadThrottleEvents.sum": "long",
"aws.dynamodb.metrics.ReplicationLatency.avg": "double",
"aws.dynamodb.metrics.ReplicationLatency.max": "double",
"aws.dynamodb.metrics.SuccessfulRequestLatency.avg": "double",
"aws.dynamodb.metrics.SuccessfulRequestLatency.max": "double",
"aws.dynamodb.metrics.SystemErrors.sum": "long",
"aws.dynamodb.metrics.ThrottledRequests.sum": "long",
"aws.dynamodb.metrics.TransactionConflict.avg": "double",
"aws.dynamodb.metrics.TransactionConflict.sum": "long",
"aws.dynamodb.metrics.WriteThrottleEvents.sum": "long",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.account.name": "keyword",
"cloud.origin.availability_zone": "keyword",
"cloud.origin.instance.id": "keyword",
"cloud.origin.instance.name": "keyword",
"cloud.origin.machine.type": "keyword",
"cloud.origin.project.id": "keyword",
"cloud.origin.project.name": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"cloud.target.account.id": "keyword",
"cloud.target.account.name": "keyword",
"cloud.target.availability_zone": "keyword",
"cloud.target.instance.id": "keyword",
"cloud.target.instance.name": "keyword",
"cloud.target.machine.type": "keyword",
"cloud.target.project.id": "keyword",
"cloud.target.project.name": "keyword",
"cloud.target.provider": "keyword",
"cloud.target.region": "keyword",
"cloud.target.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"ebs": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.VolumeId": "keyword",
"aws.ebs.metrics.BurstBalance.avg": "double",
"aws.ebs.metrics.VolumeConsumedReadWriteOps.avg": "double",
"aws.ebs.metrics.VolumeIdleTime.sum": "double",
"aws.ebs.metrics.VolumeQueueLength.avg": "double",
"aws.ebs.metrics.VolumeReadBytes.avg": "double",
"aws.ebs.metrics.VolumeReadOps.avg": "double",
"aws.ebs.metrics.VolumeThroughputPercentage.avg": "double",
"aws.ebs.metrics.VolumeTotalReadTime.sum": "double",
"aws.ebs.metrics.VolumeTotalWriteTime.sum": "double",
"aws.ebs.metrics.VolumeWriteBytes.avg": "double",
"aws.ebs.metrics.VolumeWriteOps.avg": "double",
"aws.s3.bucket.name": "keyword",
"aws.tags.*": "object",
"cloud.account.id": "keyword",
"cloud.account.name": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.origin.account.id": "keyword",
"cloud.origin.account.name": "keyword",
"cloud.origin.availability_zone": "keyword",
"cloud.origin.instance.id": "keyword",
"cloud.origin.instance.name": "keyword",
"cloud.origin.machine.type": "keyword",
"cloud.origin.project.id": "keyword",
"cloud.origin.project.name": "keyword",
"cloud.origin.provider": "keyword",
"cloud.origin.region": "keyword",
"cloud.origin.service.name": "keyword",
"cloud.project.id": "keyword",
"cloud.project.name": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"cloud.service.name": "keyword",
"cloud.target.account.id": "keyword",
"cloud.target.account.name": "keyword",
"cloud.target.availability_zone": "keyword",
"cloud.target.instance.id": "keyword",
"cloud.target.instance.name": "keyword",
"cloud.target.machine.type": "keyword",
"cloud.target.project.id": "keyword",
"cloud.target.project.name": "keyword",
"cloud.target.provider": "keyword",
"cloud.target.region": "keyword",
"cloud.target.service.name": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.code": "keyword",
"error.id": "keyword",
"error.message": "match_only_text",
"error.stack_trace": "wildcard",
"error.type": "keyword",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"service.type": "keyword"
},
"ec2_logs": {
"@timestamp": "date",
"aws.ec2.ip_address": "keyword",
"cloud.account.id": "keyword",
"cloud.availability_zone": "keyword",
"cloud.image.id": "keyword",
"cloud.instance.id": "keyword",
"cloud.instance.name": "keyword",
"cloud.machine.type": "keyword",
"cloud.project.id": "keyword",
"cloud.provider": "keyword",
"cloud.region": "keyword",
"container.id": "keyword",
"container.image.name": "keyword",
"container.labels": "object",
"container.name": "keyword",
"data_stream.dataset": "constant_keyword",
"data_stream.namespace": "constant_keyword",
"data_stream.type": "constant_keyword",
"ecs.version": "keyword",
"error.message": "match_only_text",
"event.dataset": "constant_keyword",
"event.module": "constant_keyword",
"host.architecture": "keyword",
"host.containerized": "boolean",
"host.domain": "keyword",
"host.hostname": "keyword",
"host.id": "keyword",
"host.ip": "ip",
"host.mac": "keyword",
"host.name": "keyword",
"host.os.build": "keyword",
"host.os.codename": "keyword",
"host.os.family": "keyword",
"host.os.kernel": "keyword",
"host.os.name": "keyword",
"host.os.platform": "keyword",
"host.os.version": "keyword",
"host.type": "keyword",
"message": "match_only_text",
"process.name": "keyword",
"tags": "keyword"
},
"ec2_metrics": {
"@timestamp": "date",
"aws.*.metrics.*.*": "object",
"aws.cloudwatch.namespace": "keyword",
"aws.dimensions.*": "object",
"aws.dimensions.AutoScalingGroupName": "keyword",
"aws.dimensions.ImageId": "keyword",
"aws.dimensions.InstanceId": "keyword",
"aws.dimensions.InstanceType": "keyword",
"aws.ec2.cpu.credit_balance": "long",
"aws.ec2.cpu.credit_usage": "long",
"aws.ec2.cpu.surplus_credit_balance": "long",
"aws.ec2.cpu.surplus_credits_charged": "long",
"aws.ec2.cpu.total.pct": "scaled_float",
"aws.ec2.diskio.read.bytes": "long",
"aws.ec2.diskio.read.bytes_per_sec": "long",
"aws.ec2.diskio.read.count": "long",
"aws.ec2.diskio.read.count_per_sec": "long",
"aws.ec2.diskio.write.bytes": "long",
"aws.ec2.diskio.write.bytes_per_sec": "long",
"aws.ec2.diskio.write.count": "long",
"aws.ec2.diskio.write.count_per_sec": "long",
"aws.ec2.instance.core.count": "integer",
"aws.ec2.instance.image.id": "keyword",
"aws.ec2.instance.monitoring.state": "keyword",
"aws