forked from elastic/ecs
http.yml
---
- name: http
  title: HTTP
  group: 2
  short: Fields describing an HTTP request.
  description: >
    Fields related to HTTP activity. Use the `url` field set to store the url of the request.
  type: group
  fields:
    - name: request.method
      level: extended
      type: keyword
      short: HTTP request method.
      description: >
        HTTP request method.
        Prior to ECS 1.6.0 the following guidance was provided:
        "The field value must be normalized to lowercase for
        querying."
        As of ECS 1.6.0, the guidance is deprecated because the
        original case of the method may be useful in anomaly
        detection. Original case will be mandated in ECS 2.0.0
      example: GET, POST, PUT, PoST
    - name: request.body.content
      level: extended
      type: keyword
      description: >
        The full HTTP request body.
      example: Hello world
      multi_fields:
        - type: text
          name: text
    - name: request.referrer
      level: extended
      type: keyword
      description: >
        Referrer for this HTTP request.
      example: https://blog.example.com/
    - name: response.status_code
      format: string
      level: extended
      type: long
      description: >
        HTTP response status code.
      example: 404
    - name: response.body.content
      level: extended
      type: keyword
      description: >
        The full HTTP response body.
      example: Hello world
      multi_fields:
        - type: text
          name: text
    - name: version
      level: extended
      type: keyword
      description: >
        HTTP version.
      example: 1.1
    # Metrics
    - name: request.bytes
      level: extended
      type: long
      format: bytes
      description: >
        Total size in bytes of the request (body and headers).
      example: 1437
    - name: request.body.bytes
      level: extended
      type: long
      format: bytes
      description: >
        Size in bytes of the request body.
      example: 887
    - name: response.bytes
      level: extended
      type: long
      format: bytes
      description: >
        Total size in bytes of the response (body and headers).
      example: 1437
    - name: response.body.bytes
      level: extended
      type: long
      format: bytes
      description: >
        Size in bytes of the response body.
      example: 887
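
The `request.method` description above says the original case is kept because it can help anomaly detection. The following is an added example, not part of the ECS repository, showing how a consumer could count methods case-insensitively while still flagging odd casing such as `PoST`. The `KNOWN_METHODS` set, the helper names and the sample events are assumptions made for this illustration.

```python
from collections import Counter

# Methods treated as canonical here; an assumption for this example, not an ECS list.
KNOWN_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "CONNECT", "OPTIONS", "TRACE", "PATCH"}

def get_path(event, dotted):
    """Read a dotted ECS field from a nested or a flattened event dict."""
    if dotted in event:
        return event[dotted]
    node = event
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node

def classify_method(method):
    """Return 'missing', 'ok', 'case_anomaly' or 'unknown_method'."""
    if not isinstance(method, str) or not method:
        return "missing"
    if method in KNOWN_METHODS:
        return "ok"
    if method.upper() in KNOWN_METHODS:
        return "case_anomaly"  # known verb, non-canonical casing preserved by ECS
    return "unknown_method"    # outside the assumed set, e.g. extension methods

def summarize(events):
    """Count methods case-insensitively and collect events worth a second look."""
    counts, flagged = Counter(), []
    for ev in events:
        method = get_path(ev, "http.request.method")
        verdict = classify_method(method)
        if verdict == "missing":
            continue
        counts[method.upper()] += 1  # normalize only at query time
        if verdict != "ok":
            flagged.append((verdict, method, get_path(ev, "source.ip")))
    return counts, flagged

# Constructed sample events (not real traffic), in nested and flattened form.
SAMPLE_EVENTS = [
    {"http": {"request": {"method": "GET"}}, "source": {"ip": "192.0.2.10"}},
    {"http": {"request": {"method": "POST"}}, "source": {"ip": "192.0.2.10"}},
    {"http.request.method": "PoST", "source.ip": "198.51.100.7"},
    {"http": {"request": {"method": "get"}}, "source": {"ip": "203.0.113.5"}},
    {"http": {"request": {"method": "PROPFIND"}}, "source": {"ip": "192.0.2.44"}},
    {"http": {"response": {"status_code": 404}}},
]
```

Calling `summarize(SAMPLE_EVENTS)` returns the per-method counts and the list of flagged `(verdict, method, source.ip)` tuples.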