diff --git a/_meta/fields.generated.yml b/_meta/fields.generated.yml new file mode 100644 index 00000000..b1dd3b8a --- /dev/null +++ b/_meta/fields.generated.yml 
@@ -0,0 +1,672 @@ +- key: icingabeat + title: icingabeat + description: Data received from the Icinga 2 API + fields: + - name: timestamp + type: date + description: > + Timestamp of event occurrence + + - name: type + type: keyword + description: > + Type of the document + + - name: host + type: group + description: > + Details about the host. + fields: + - name: name + type: keyword + description: > + Hostname. + + - name: service + type: keyword + description: > + Service that triggered the event + + - name: state + type: integer + description: > + State of the check + + - name: state_type + type: integer + description: > + State type of the check + + - name: author + type: keyword + description: > + Author of a message + + - name: notification_type + type: keyword + description: > + Type of notification + + - name: text + type: text + description: > + Text of a message + + - name: users + type: keyword + description: > + Affected users of a notification + + - name: acknowledgement_type + type: integer + description: > + Type of an acknowledgement + + - name: expiry + type: date + description: > + Expiry of an acknowledgement + + - name: notify + type: keyword + description: > + If has been sent out + + - name: check_result.active + type: boolean + description: > + If check was active or passive + + - name: check_result.check_source + type: keyword + description: > + Icinga instance that scheduled the check + + - name: check_result.command + type: text + description: > + Command that was executed + + - name: check_result.execution_end + type: date + description: > + Time when execution of check ended + + - name: check_result.execution_start + type: date + description: > + Time when execution of check started + + - name: check_result.exit_status + type: integer + description: > + Exit status + + - name: check_result.output + type: text + description: > + Output of check + + - name: check_result.performance_data + type: text + description: > + Performance data in 
text format + + - name: check_result.schedule_end + type: date + description: > + Time when scheduling of the check ended + + - name: check_result.schedule_start + type: date + description: > + Time when check was scheduled + + - name: check_result.state + type: integer + description: > + State of the check + + - name: check_result.type + type: keyword + description: > + Type of this event + + - name: check_result.vars_after.attempt + type: integer + description: > + Check attempt after check execution + + - name: check_result.vars_after.reachable + type: boolean + description: > + Reachable state after check execution + + - name: check_result.vars_after.state + type: integer + description: > + State of the check after execution + + - name: check_result.vars_after.state_type + type: integer + description: > + State type after execution + + - name: check_result.vars_before.attempt + type: integer + description: > + Check attempt before check execution + + - name: check_result.vars_before.reachable + type: boolean + description: > + Reachable state before check execution + + - name: check_result.vars_before.state + type: integer + description: > + Check state before check execution + + - name: check_result.vars_before.state_type + type: integer + description: > + State type before check execution + + - name: comment.__name + type: text + description: > + Unique identifier of a comment + + - name: comment.author + type: keyword + description: > + Author of a comment + + - name: comment.entry_time + type: date + description: > + Entry time of a comment + + - name: comment.entry_type + type: integer + description: > + Entry type of a comment + + - name: comment.expire_time + type: date + description: > + Expire time of a comment + + - name: comment.host_name + type: keyword + description: > + Host name of a comment + + - name: comment.legacy_id + type: integer + description: > + Legacy ID of a comment + + - name: comment.name + type: keyword + description: > + 
Identifier of a comment + + - name: comment.package + type: keyword + description: > + Config package of a comment + + - name: comment.service_name + type: keyword + description: > + Service name of a comment + + - name: comment.templates + type: text + description: > + Templates used by a comment + + - name: comment.text + type: text + description: > + Text of a comment + + - name: comment.type + type: keyword + description: > + Comment type + + - name: comment.version + type: keyword + description: > + Config version of comment object + + - name: comment.zone + type: keyword + description: > + Zone where comment was generated + + - name: downtime.__name + type: text + description: > + Unique identifier of a downtime + + - name: downtime.author + type: keyword + description: > + Author of a downtime + + - name: downtime.comment + type: text + description: > + Text of a downtime + + - name: downtime.config_owner + type: text + description: > + Config owner + + - name: downtime.duration + type: integer + description: > + Duration of a downtime + + - name: downtime.end_time + type: date + description: > + Timestamp of downtime end + + - name: downtime.entry_time + type: date + description: > + Timestamp when downtime was created + + - name: downtime.fixed + type: boolean + description: > + If downtime is fixed or flexible + + - name: downtime.host_name + type: keyword + description: > + Hostname of a downtime + + - name: downtime.legacy_id + type: integer + description: > + The integer ID of a downtime + + - name: downtime.name + type: keyword + description: > + Downtime config identifier + + - name: downtime.package + type: keyword + description: > + Configuration package of downtime + + - name: downtime.scheduled_by + type: text + description: > + By whom downtime was scheduled + + - name: downtime.service_name + type: keyword + description: > + Service name of a downtime + + - name: downtime.start_time + type: date + description: > + Timestamp when downtime starts 
+ + - name: downtime.templates + type: text + description: > + Templates used by this downtime + + - name: downtime.trigger_time + type: date + description: > + Timestamp when downtime was triggered + + - name: downtime.triggered_by + type: text + description: > + By whom downtime was triggered + + - name: downtime.triggers + type: text + description: > + Downtime triggers + + - name: downtime.type + type: keyword + description: > + Downtime type + + - name: downtime.version + type: keyword + description: > + Config version of downtime + + - name: downtime.was_cancelled + type: boolean + description: > + If downtime was cancelled + + - name: downtime.zone + type: keyword + description: > + Zone of downtime + + - name: status.active_host_checks + type: integer + description: > + Active host checks + + + - name: status.active_host_checks_15min + type: integer + description: > + Active host checks in the last 15 minutes + + + - name: status.active_host_checks_1min + type: integer + description: > + Acitve host checks in the last minute + + + - name: status.active_host_checks_5min + type: integer + description: > + Active host checks in the last 5 minutes + + + - name: status.active_service_checks + type: integer + description: > + Active service checks + + - name: status.active_service_checks_15min + type: integer + description: > + Active service checks in the last 15 minutes + + - name: status.active_service_checks_1min + type: integer + description: > + Active service checks in the last minute + + - name: status.active_service_checks_5min + type: integer + description: > + Active service checks in the last 5 minutes + + - name: status.api.identity + type: keyword + description: > + API identity + + - name: status.api.num_conn_endpoints + type: integer + description: > + Number of connected endpoints + + - name: status.api.num_endpoints + type: integer + description: > + Total number of endpoints + + - name: status.api.num_not_conn_endpoints + type: integer + 
description: > + Number of not connected endpoints + + - name: status.avg_execution_time + type: integer + description: > + Average execution time of checks + + - name: status.avg_latency + type: integer + description: > + Average latency time + + - name: status.checkercomponent.checker.idle + type: integer + description: > + Idle checks + + - name: status.checkercomponent.checker.pending + type: integer + description: > + Pending checks + + - name: status.filelogger.main-log + type: integer + description: > + Mainlog enabled + + - name: status.icingaapplication.app.enable_event_handlers + type: boolean + description: > + Event handlers enabled + + - name: status.icingaapplication.app.enable_flapping + type: boolean + description: > + Flapping detection enabled + + - name: status.icingaapplication.app.enable_host_checks + type: boolean + description: > + Host checks enabled + + - name: status.icingaapplication.app.enable_notifications + type: boolean + description: > + Notifications enabled + + - name: status.icingaapplication.app.enable_perfdata + type: boolean + description: > + Perfdata enabled + + - name: status.icingaapplication.app.enable_service_checks + type: boolean + description: > + Service checks enabled + + - name: status.icingaapplication.app.node_name + type: keyword + description: > + Node name + + - name: status.icingaapplication.app.pid + type: integer + description: > + PID + + - name: status.icingaapplication.app.program_start + type: integer + description: > + Time when Icinga started + + - name: status.icingaapplication.app.version + type: keyword + description: > + Version + + - name: status.idomysqlconnection.ido-mysql.connected + type: boolean + description: > + IDO connected + + - name: status.idomysqlconnection.ido-mysql.instance_name + type: keyword + description: > + IDO Instance name + + - name: status.idomysqlconnection.ido-mysql.query_queue_items + type: integer + description: > + IDO query items in the queue + + - name: 
status.idomysqlconnection.ido-mysql.version + type: keyword + description: > + IDO schema version + + - name: status.max_execution_time + type: integer + description: > + Max execution time + + - name: status.max_latency + type: integer + description: > + Max latency + + - name: status.min_execution_time + type: integer + description: > + Min execution time + + - name: status.min_latency + type: integer + description: > + Min latency + + - name: status.notificationcomponent.notification + type: integer + description: > + Notification + + - name: status.num_hosts_acknowledged + type: integer + description: > + Amount of acknowledged hosts + + - name: status.num_hosts_down + type: integer + description: > + Amount of down hosts + + - name: status.num_hosts_flapping + type: integer + description: > + Amount of flapping hosts + + - name: status.num_hosts_in_downtime + type: integer + description: > + Amount of hosts in downtime + + - name: status.num_hosts_pending + type: integer + description: > + Amount of pending hosts + + - name: status.num_hosts_unreachable + type: integer + description: > + Amount of unreachable hosts + + - name: status.num_hosts_up + type: integer + description: > + Amount of hosts in up state + + - name: status.num_services_acknowledged + type: integer + description: > + Amount of acknowledged services + + - name: status.num_services_critical + type: integer + description: > + Amount of critical services + + - name: status.num_services_flapping + type: integer + description: > + Amount of flapping services + + - name: status.num_services_in_downtime + type: integer + description: > + Amount of services in downtime + + - name: status.num_services_ok + type: integer + description: > + Amount of services in ok state + + - name: status.num_services_pending + type: integer + description: > + Amount of pending services + + - name: status.num_services_unknown + type: integer + description: > + Amount of unknown services + + - name: 
status.num_services_unreachable + type: integer + description: > + Amount of unreachable services + + - name: status.num_services_warning + type: integer + description: > + Amount of services in warning state + + - name: status.passive_host_checks + type: integer + description: > + Amount of passive host checks + + - name: status.passive_host_checks_15min + type: integer + description: > + Amount of passive host checks in the last 15 minutes + + - name: status.passive_host_checks_1min + type: integer + description: > + Amount of passive host checks in the last minute + + - name: status.passive_host_checks_5min + type: integer + description: > + Amount of passive host checks in the last 5 minutes + + - name: status.passive_service_checks + type: integer + description: > + Amount of passive service checks + + - name: status.passive_service_checks_15min + type: integer + description: > + Amount of passive service checks in the last 15 minutes + + - name: status.passive_service_checks_1min + type: integer + description: > + Amount of passive service checks in the last minute + + - name: status.passive_service_checks_5min + type: integer + description: > + Amount of passive service checks in the last 5 minutes + + - name: status.uptime + type: integer + description: > + Uptime diff --git a/_meta/fields.yml b/_meta/fields.yml index d99274af..d08de057 100644 --- a/_meta/fields.yml +++ b/_meta/fields.yml @@ -12,11 +12,6 @@ description: > Type of the document - - name: host - type: keyword - description: > - Host that triggered the event - - name: service type: keyword description: > diff --git a/docs/fields.asciidoc b/docs/fields.asciidoc index 6517af19..e66ac34a 100644 --- a/docs/fields.asciidoc +++ b/docs/fields.asciidoc @@ -15,6 +15,7 @@ grouped in the following categories: * <> * <> * <> +* <> * <> * <> 
@@ -26,33 +27,41 @@ Contains common beat fields available in all event types. -[float] -=== `beat.name` - +*`beat.name`*:: ++ +-- The name of the Beat sending the log messages. If the Beat name is set in the configuration file, then that value is used. If it is not set, the hostname is used. To set the Beat name, use the `name` option in the configuration file. -[float] -=== `beat.hostname` +-- +*`beat.hostname`*:: ++ +-- The hostname as returned by the operating system on which the Beat is running. -[float] -=== `beat.timezone` +-- +*`beat.timezone`*:: ++ +-- The timezone as returned by the operating system on which the Beat is running. -[float] -=== `beat.version` +-- +*`beat.version`*:: ++ +-- The version of the beat that generated this event. -[float] -=== `@timestamp` +-- +*`@timestamp`*:: ++ +-- type: date example: August 26th 2016, 12:35:53.332 @@ -64,20 +73,26 @@ required: True The timestamp when the event log record was generated. -[float] -=== `tags` +-- +*`tags`*:: ++ +-- Arbitrary tags that can be set per Beat and per transaction type. -[float] -=== `fields` +-- +*`fields`*:: ++ +-- type: object Contains user configurable fields. +-- + [float] == error fields @@ -85,30 +100,36 @@ Error fields containing additional info in case of errors. -[float] -=== `error.message` - +*`error.message`*:: ++ +-- type: text Error message. -[float] -=== `error.code` +-- +*`error.code`*:: ++ +-- type: long Error code. -[float] -=== `error.type` +-- +*`error.type`*:: ++ +-- type: keyword Error type. +-- + [[exported-fields-cloud]] == Cloud provider metadata fields 
@@ -116,56 +137,70 @@ Metadata from cloud providers added by the add_cloud_metadata processor. -[float] -=== `meta.cloud.provider` - +*`meta.cloud.provider`*:: ++ +-- example: ec2 Name of the cloud provider. Possible values are ec2, gce, or digitalocean. -[float] -=== `meta.cloud.instance_id` +-- +*`meta.cloud.instance_id`*:: ++ +-- Instance ID of the host machine. -[float] -=== `meta.cloud.instance_name` +-- +*`meta.cloud.instance_name`*:: ++ +-- Instance name of the host machine. -[float] -=== `meta.cloud.machine_type` +-- +*`meta.cloud.machine_type`*:: ++ +-- example: t2.medium Machine type of the host machine. -[float] -=== `meta.cloud.availability_zone` +-- +*`meta.cloud.availability_zone`*:: ++ +-- example: us-east-1c Availability zone in which this host is running. -[float] -=== `meta.cloud.project_id` +-- +*`meta.cloud.project_id`*:: ++ +-- example: project-x Name of the project in Google Cloud. -[float] -=== `meta.cloud.region` +-- +*`meta.cloud.region`*:: ++ +-- Region in which this host is running. +-- + [[exported-fields-docker-processor]] == Docker fields 
@@ -174,1100 +209,1447 @@ Docker stats collected from Docker. -[float] -=== `docker.container.id` - +*`docker.container.id`*:: ++ +-- type: keyword Unique container id. -[float] -=== `docker.container.image` +-- +*`docker.container.image`*:: ++ +-- type: keyword Name of the image the container was built on. -[float] -=== `docker.container.name` +-- +*`docker.container.name`*:: ++ +-- type: keyword Container name. -[float] -=== `docker.container.labels` +-- +*`docker.container.labels`*:: ++ +-- type: object Image labels. +-- + +[[exported-fields-host-processor]] +== Host fields + +Info collected for the host machine. + + + + +*`host.name`*:: ++ +-- +type: keyword + +Hostname. + + +-- + +*`host.id`*:: ++ +-- +type: keyword + +Unique host id. + + +-- + +*`host.architecture`*:: ++ +-- +type: keyword + +Host architecture (e.g. x86_64, arm, ppc, mips). + + +-- + +*`host.os.platform`*:: ++ +-- +type: keyword + +OS platform (e.g. centos, ubuntu, windows). + + +-- + +*`host.os.version`*:: ++ +-- +type: keyword + +OS version. + + +-- + +*`host.os.family`*:: ++ +-- +type: keyword + +OS family (e.g. redhat, debian, freebsd, windows). + + +-- + [[exported-fields-icingabeat]] == icingabeat fields Data received from the Icinga 2 API -[float] -=== `timestamp` - +*`timestamp`*:: ++ +-- type: date Timestamp of event occurrence -[float] -=== `type` +-- +*`type`*:: ++ +-- type: keyword Type of the document -[float] -=== `host` +-- +[float] +== host fields + +Details about the host. + + + +*`host.name`*:: ++ +-- type: keyword -Host that triggered the event +Hostname. 
-[float] -=== `service` +-- +*`service`*:: ++ +-- type: keyword Service that triggered the event -[float] -=== `state` +-- +*`state`*:: ++ +-- type: integer State of the check -[float] -=== `state_type` +-- +*`state_type`*:: ++ +-- type: integer State type of the check -[float] -=== `author` +-- +*`author`*:: ++ +-- type: keyword Author of a message -[float] -=== `notification_type` +-- +*`notification_type`*:: ++ +-- type: keyword Type of notification -[float] -=== `text` +-- +*`text`*:: ++ +-- type: text Text of a message -[float] -=== `users` +-- +*`users`*:: ++ +-- type: keyword Affected users of a notification -[float] -=== `acknowledgement_type` +-- +*`acknowledgement_type`*:: ++ +-- type: integer Type of an acknowledgement -[float] -=== `expiry` +-- +*`expiry`*:: ++ +-- type: date Expiry of an acknowledgement -[float] -=== `notify` +-- +*`notify`*:: ++ +-- type: keyword If has been sent out -[float] -=== `check_result.active` +-- +*`check_result.active`*:: ++ +-- type: boolean If check was active or passive -[float] -=== `check_result.check_source` +-- +*`check_result.check_source`*:: ++ +-- type: keyword Icinga instance that scheduled the check -[float] -=== `check_result.command` +-- +*`check_result.command`*:: ++ +-- type: text Command that was executed -[float] -=== `check_result.execution_end` +-- +*`check_result.execution_end`*:: ++ +-- type: date Time when execution of check ended -[float] -=== `check_result.execution_start` +-- +*`check_result.execution_start`*:: ++ +-- type: date Time when execution of check started -[float] -=== `check_result.exit_status` +-- +*`check_result.exit_status`*:: ++ +-- type: integer Exit status -[float] -=== `check_result.output` +-- +*`check_result.output`*:: ++ +-- type: text Output of check -[float] -=== `check_result.performance_data` +-- +*`check_result.performance_data`*:: ++ +-- type: text Performance data in text format -[float] -=== `check_result.schedule_end` +-- +*`check_result.schedule_end`*:: ++ +-- type: 
date Time when scheduling of the check ended -[float] -=== `check_result.schedule_start` +-- +*`check_result.schedule_start`*:: ++ +-- type: date Time when check was scheduled -[float] -=== `check_result.state` +-- +*`check_result.state`*:: ++ +-- type: integer State of the check -[float] -=== `check_result.type` +-- +*`check_result.type`*:: ++ +-- type: keyword Type of this event -[float] -=== `check_result.vars_after.attempt` +-- +*`check_result.vars_after.attempt`*:: ++ +-- type: integer Check attempt after check execution -[float] -=== `check_result.vars_after.reachable` +-- +*`check_result.vars_after.reachable`*:: ++ +-- type: boolean Reachable state after check execution -[float] -=== `check_result.vars_after.state` +-- +*`check_result.vars_after.state`*:: ++ +-- type: integer State of the check after execution -[float] -=== `check_result.vars_after.state_type` +-- +*`check_result.vars_after.state_type`*:: ++ +-- type: integer State type after execution -[float] -=== `check_result.vars_before.attempt` +-- +*`check_result.vars_before.attempt`*:: ++ +-- type: integer Check attempt before check execution -[float] -=== `check_result.vars_before.reachable` +-- +*`check_result.vars_before.reachable`*:: ++ +-- type: boolean Reachable state before check execution -[float] -=== `check_result.vars_before.state` +-- +*`check_result.vars_before.state`*:: ++ +-- type: integer Check state before check execution -[float] -=== `check_result.vars_before.state_type` +-- +*`check_result.vars_before.state_type`*:: ++ +-- type: integer State type before check execution -[float] -=== `comment.__name` +-- +*`comment.__name`*:: ++ +-- type: text Unique identifier of a comment -[float] -=== `comment.author` +-- +*`comment.author`*:: ++ +-- type: keyword Author of a comment -[float] -=== `comment.entry_time` +-- +*`comment.entry_time`*:: ++ +-- type: date Entry time of a comment -[float] -=== `comment.entry_type` +-- +*`comment.entry_type`*:: ++ +-- type: integer Entry type of a 
comment -[float] -=== `comment.expire_time` +-- +*`comment.expire_time`*:: ++ +-- type: date Expire time of a comment -[float] -=== `comment.host_name` +-- +*`comment.host_name`*:: ++ +-- type: keyword Host name of a comment -[float] -=== `comment.legacy_id` +-- +*`comment.legacy_id`*:: ++ +-- type: integer Legacy ID of a comment -[float] -=== `comment.name` +-- +*`comment.name`*:: ++ +-- type: keyword Identifier of a comment -[float] -=== `comment.package` +-- +*`comment.package`*:: ++ +-- type: keyword Config package of a comment -[float] -=== `comment.service_name` +-- +*`comment.service_name`*:: ++ +-- type: keyword Service name of a comment -[float] -=== `comment.templates` +-- +*`comment.templates`*:: ++ +-- type: text Templates used by a comment -[float] -=== `comment.text` +-- +*`comment.text`*:: ++ +-- type: text Text of a comment -[float] -=== `comment.type` +-- +*`comment.type`*:: ++ +-- type: keyword Comment type -[float] -=== `comment.version` +-- +*`comment.version`*:: ++ +-- type: keyword Config version of comment object -[float] -=== `comment.zone` +-- +*`comment.zone`*:: ++ +-- type: keyword Zone where comment was generated -[float] -=== `downtime.__name` +-- +*`downtime.__name`*:: ++ +-- type: text Unique identifier of a downtime -[float] -=== `downtime.author` +-- +*`downtime.author`*:: ++ +-- type: keyword Author of a downtime -[float] -=== `downtime.comment` +-- +*`downtime.comment`*:: ++ +-- type: text Text of a downtime -[float] -=== `downtime.config_owner` +-- +*`downtime.config_owner`*:: ++ +-- type: text Config owner -[float] -=== `downtime.duration` +-- +*`downtime.duration`*:: ++ +-- type: integer Duration of a downtime -[float] -=== `downtime.end_time` +-- +*`downtime.end_time`*:: ++ +-- type: date Timestamp of downtime end -[float] -=== `downtime.entry_time` +-- +*`downtime.entry_time`*:: ++ +-- type: date Timestamp when downtime was created -[float] -=== `downtime.fixed` +-- +*`downtime.fixed`*:: ++ +-- type: boolean If downtime is 
fixed or flexible -[float] -=== `downtime.host_name` +-- +*`downtime.host_name`*:: ++ +-- type: keyword Hostname of a downtime -[float] -=== `downtime.legacy_id` +-- +*`downtime.legacy_id`*:: ++ +-- type: integer The integer ID of a downtime -[float] -=== `downtime.name` +-- +*`downtime.name`*:: ++ +-- type: keyword Downtime config identifier -[float] -=== `downtime.package` +-- +*`downtime.package`*:: ++ +-- type: keyword Configuration package of downtime -[float] -=== `downtime.scheduled_by` +-- +*`downtime.scheduled_by`*:: ++ +-- type: text By whom downtime was scheduled -[float] -=== `downtime.service_name` +-- +*`downtime.service_name`*:: ++ +-- type: keyword Service name of a downtime -[float] -=== `downtime.start_time` +-- +*`downtime.start_time`*:: ++ +-- type: date Timestamp when downtime starts -[float] -=== `downtime.templates` +-- +*`downtime.templates`*:: ++ +-- type: text Templates used by this downtime -[float] -=== `downtime.trigger_time` +-- +*`downtime.trigger_time`*:: ++ +-- type: date Timestamp when downtime was triggered -[float] -=== `downtime.triggered_by` +-- +*`downtime.triggered_by`*:: ++ +-- type: text By whom downtime was triggered -[float] -=== `downtime.triggers` +-- +*`downtime.triggers`*:: ++ +-- type: text Downtime triggers -[float] -=== `downtime.type` +-- +*`downtime.type`*:: ++ +-- type: keyword Downtime type -[float] -=== `downtime.version` +-- +*`downtime.version`*:: ++ +-- type: keyword Config version of downtime -[float] -=== `downtime.was_cancelled` +-- +*`downtime.was_cancelled`*:: ++ +-- type: boolean If downtime was cancelled -[float] -=== `downtime.zone` +-- +*`downtime.zone`*:: ++ +-- type: keyword Zone of downtime -[float] -=== `status.active_host_checks` +-- +*`status.active_host_checks`*:: ++ +-- type: integer Active host checks -[float] -=== `status.active_host_checks_15min` +-- +*`status.active_host_checks_15min`*:: ++ +-- type: integer Active host checks in the last 15 minutes -[float] -=== 
`status.active_host_checks_1min` +-- +*`status.active_host_checks_1min`*:: ++ +-- type: integer Acitve host checks in the last minute -[float] -=== `status.active_host_checks_5min` +-- +*`status.active_host_checks_5min`*:: ++ +-- type: integer Active host checks in the last 5 minutes -[float] -=== `status.active_service_checks` +-- +*`status.active_service_checks`*:: ++ +-- type: integer Active service checks -[float] -=== `status.active_service_checks_15min` +-- +*`status.active_service_checks_15min`*:: ++ +-- type: integer Active service checks in the last 15 minutes -[float] -=== `status.active_service_checks_1min` +-- +*`status.active_service_checks_1min`*:: ++ +-- type: integer Active service checks in the last minute -[float] -=== `status.active_service_checks_5min` +-- +*`status.active_service_checks_5min`*:: ++ +-- type: integer Active service checks in the last 5 minutes -[float] -=== `status.api.identity` +-- +*`status.api.identity`*:: ++ +-- type: keyword API identity -[float] -=== `status.api.num_conn_endpoints` +-- +*`status.api.num_conn_endpoints`*:: ++ +-- type: integer Number of connected endpoints -[float] -=== `status.api.num_endpoints` +-- +*`status.api.num_endpoints`*:: ++ +-- type: integer Total number of endpoints -[float] -=== `status.api.num_not_conn_endpoints` +-- +*`status.api.num_not_conn_endpoints`*:: ++ +-- type: integer Number of not connected endpoints -[float] -=== `status.avg_execution_time` +-- +*`status.avg_execution_time`*:: ++ +-- type: integer Average execution time of checks -[float] -=== `status.avg_latency` +-- +*`status.avg_latency`*:: ++ +-- type: integer Average latency time -[float] -=== `status.checkercomponent.checker.idle` +-- +*`status.checkercomponent.checker.idle`*:: ++ +-- type: integer Idle checks -[float] -=== `status.checkercomponent.checker.pending` +-- +*`status.checkercomponent.checker.pending`*:: ++ +-- type: integer Pending checks -[float] -=== `status.filelogger.main-log` +-- 
+*`status.filelogger.main-log`*:: ++ +-- type: integer Mainlog enabled -[float] -=== `status.icingaapplication.app.enable_event_handlers` +-- +*`status.icingaapplication.app.enable_event_handlers`*:: ++ +-- type: boolean Event handlers enabled -[float] -=== `status.icingaapplication.app.enable_flapping` +-- +*`status.icingaapplication.app.enable_flapping`*:: ++ +-- type: boolean Flapping detection enabled -[float] -=== `status.icingaapplication.app.enable_host_checks` +-- +*`status.icingaapplication.app.enable_host_checks`*:: ++ +-- type: boolean Host checks enabled -[float] -=== `status.icingaapplication.app.enable_notifications` +-- +*`status.icingaapplication.app.enable_notifications`*:: ++ +-- type: boolean Notifications enabled -[float] -=== `status.icingaapplication.app.enable_perfdata` +-- +*`status.icingaapplication.app.enable_perfdata`*:: ++ +-- type: boolean Perfdata enabled -[float] -=== `status.icingaapplication.app.enable_service_checks` +-- +*`status.icingaapplication.app.enable_service_checks`*:: ++ +-- type: boolean Service checks enabled -[float] -=== `status.icingaapplication.app.node_name` +-- +*`status.icingaapplication.app.node_name`*:: ++ +-- type: keyword Node name -[float] -=== `status.icingaapplication.app.pid` +-- +*`status.icingaapplication.app.pid`*:: ++ +-- type: integer PID -[float] -=== `status.icingaapplication.app.program_start` +-- +*`status.icingaapplication.app.program_start`*:: ++ +-- type: integer Time when Icinga started -[float] -=== `status.icingaapplication.app.version` +-- +*`status.icingaapplication.app.version`*:: ++ +-- type: keyword Version -[float] -=== `status.idomysqlconnection.ido-mysql.connected` +-- +*`status.idomysqlconnection.ido-mysql.connected`*:: ++ +-- type: boolean IDO connected -[float] -=== `status.idomysqlconnection.ido-mysql.instance_name` +-- +*`status.idomysqlconnection.ido-mysql.instance_name`*:: ++ +-- type: keyword IDO Instance name -[float] -=== 
`status.idomysqlconnection.ido-mysql.query_queue_items` +-- +*`status.idomysqlconnection.ido-mysql.query_queue_items`*:: ++ +-- type: integer IDO query items in the queue -[float] -=== `status.idomysqlconnection.ido-mysql.version` +-- +*`status.idomysqlconnection.ido-mysql.version`*:: ++ +-- type: keyword IDO schema version -[float] -=== `status.max_execution_time` +-- +*`status.max_execution_time`*:: ++ +-- type: integer Max execution time -[float] -=== `status.max_latency` +-- +*`status.max_latency`*:: ++ +-- type: integer Max latency -[float] -=== `status.min_execution_time` +-- +*`status.min_execution_time`*:: ++ +-- type: integer Min execution time -[float] -=== `status.min_latency` +-- +*`status.min_latency`*:: ++ +-- type: integer Min latency -[float] -=== `status.notificationcomponent.notification` +-- +*`status.notificationcomponent.notification`*:: ++ +-- type: integer Notification -[float] -=== `status.num_hosts_acknowledged` +-- +*`status.num_hosts_acknowledged`*:: ++ +-- type: integer Amount of acknowledged hosts -[float] -=== `status.num_hosts_down` +-- +*`status.num_hosts_down`*:: ++ +-- type: integer Amount of down hosts -[float] -=== `status.num_hosts_flapping` +-- +*`status.num_hosts_flapping`*:: ++ +-- type: integer Amount of flapping hosts -[float] -=== `status.num_hosts_in_downtime` +-- +*`status.num_hosts_in_downtime`*:: ++ +-- type: integer Amount of hosts in downtime -[float] -=== `status.num_hosts_pending` +-- +*`status.num_hosts_pending`*:: ++ +-- type: integer Amount of pending hosts -[float] -=== `status.num_hosts_unreachable` +-- +*`status.num_hosts_unreachable`*:: ++ +-- type: integer Amount of unreachable hosts -[float] -=== `status.num_hosts_up` +-- +*`status.num_hosts_up`*:: ++ +-- type: integer Amount of hosts in up state -[float] -=== `status.num_services_acknowledged` +-- +*`status.num_services_acknowledged`*:: ++ +-- type: integer Amount of acknowledged services -[float] -=== `status.num_services_critical` +-- 
+*`status.num_services_critical`*:: ++ +-- type: integer Amount of critical services -[float] -=== `status.num_services_flapping` +-- +*`status.num_services_flapping`*:: ++ +-- type: integer Amount of flapping services -[float] -=== `status.num_services_in_downtime` +-- +*`status.num_services_in_downtime`*:: ++ +-- type: integer Amount of services in downtime -[float] -=== `status.num_services_ok` +-- +*`status.num_services_ok`*:: ++ +-- type: integer Amount of services in ok state -[float] -=== `status.num_services_pending` +-- +*`status.num_services_pending`*:: ++ +-- type: integer Amount of pending services -[float] -=== `status.num_services_unknown` +-- +*`status.num_services_unknown`*:: ++ +-- type: integer Amount of unknown services -[float] -=== `status.num_services_unreachable` +-- +*`status.num_services_unreachable`*:: ++ +-- type: integer Amount of unreachable services -[float] -=== `status.num_services_warning` +-- +*`status.num_services_warning`*:: ++ +-- type: integer Amount of services in warning state -[float] -=== `status.passive_host_checks` +-- +*`status.passive_host_checks`*:: ++ +-- type: integer Amount of passive host checks -[float] -=== `status.passive_host_checks_15min` +-- +*`status.passive_host_checks_15min`*:: ++ +-- type: integer Amount of passive host checks in the last 15 minutes -[float] -=== `status.passive_host_checks_1min` +-- +*`status.passive_host_checks_1min`*:: ++ +-- type: integer Amount of passive host checks in the last minute -[float] -=== `status.passive_host_checks_5min` +-- +*`status.passive_host_checks_5min`*:: ++ +-- type: integer Amount of passive host checks in the last 5 minutes -[float] -=== `status.passive_service_checks` +-- +*`status.passive_service_checks`*:: ++ +-- type: integer Amount of passive service checks -[float] -=== `status.passive_service_checks_15min` +-- +*`status.passive_service_checks_15min`*:: ++ +-- type: integer Amount of passive service checks in the last 15 minutes -[float] -=== 
`status.passive_service_checks_1min` +-- +*`status.passive_service_checks_1min`*:: ++ +-- type: integer Amount of passive service checks in the last minute -[float] -=== `status.passive_service_checks_5min` +-- +*`status.passive_service_checks_5min`*:: ++ +-- type: integer Amount of passive service checks in the last 5 minutes -[float] -=== `status.uptime` +-- +*`status.uptime`*:: ++ +-- type: integer Uptime +-- + [[exported-fields-kubernetes-processor]] == Kubernetes fields @@ -1276,59 +1658,73 @@ Kubernetes metadata added by the kubernetes processor -[float] -=== `kubernetes.pod.name` - +*`kubernetes.pod.name`*:: ++ +-- type: keyword Kubernetes pod name -[float] -=== `kubernetes.namespace` +-- +*`kubernetes.namespace`*:: ++ +-- type: keyword Kubernetes namespace -[float] -=== `kubernetes.node.name` +-- +*`kubernetes.node.name`*:: ++ +-- type: keyword Kubernetes node name -[float] -=== `kubernetes.labels` +-- +*`kubernetes.labels`*:: ++ +-- type: object Kubernetes labels map -[float] -=== `kubernetes.annotations` +-- +*`kubernetes.annotations`*:: ++ +-- type: object Kubernetes annotations map -[float] -=== `kubernetes.container.name` +-- +*`kubernetes.container.name`*:: ++ +-- type: keyword Kubernetes container name -[float] -=== `kubernetes.container.image` +-- +*`kubernetes.container.image`*:: ++ +-- type: keyword Kubernetes container image +-- + diff --git a/fields.yml b/fields.yml new file mode 100644 index 00000000..3c95af91 --- /dev/null +++ b/fields.yml 
@@ -0,0 +1,874 @@ + +- key: beat + title: Beat + description: > + Contains common beat fields available in all event types. + fields: + + - name: beat.name + description: > + The name of the Beat sending the log messages. If the Beat name is + set in the configuration file, then that value is used. If it is not + set, the hostname is used. To set the Beat name, use the `name` + option in the configuration file. + - name: beat.hostname + description: > + The hostname as returned by the operating system on which the Beat is + running. + - name: beat.timezone + description: > + The timezone as returned by the operating system on which the Beat is + running. + - name: beat.version + description: > + The version of the beat that generated this event. + + - name: "@timestamp" + type: date + required: true + format: date + example: August 26th 2016, 12:35:53.332 + description: > + The timestamp when the event log record was generated. + + - name: tags + description: > + Arbitrary tags that can be set per Beat and per transaction + type. + + - name: fields + type: object + object_type: keyword + description: > + Contains user configurable fields. + + - name: error + type: group + description: > + Error fields containing additional info in case of errors. + fields: + - name: message + type: text + description: > + Error message. + - name: code + type: long + description: > + Error code. + - name: type + type: keyword + description: > + Error type. +- key: cloud + title: Cloud provider metadata + description: > + Metadata from cloud providers added by the add_cloud_metadata processor. + fields: + + - name: meta.cloud.provider + example: ec2 + description: > + Name of the cloud provider. Possible values are ec2, gce, or digitalocean. + + - name: meta.cloud.instance_id + description: > + Instance ID of the host machine. + + - name: meta.cloud.instance_name + description: > + Instance name of the host machine. 
+ + - name: meta.cloud.machine_type + example: t2.medium + description: > + Machine type of the host machine. + + - name: meta.cloud.availability_zone + example: us-east-1c + description: > + Availability zone in which this host is running. + + - name: meta.cloud.project_id + example: project-x + description: > + Name of the project in Google Cloud. + + - name: meta.cloud.region + description: > + Region in which this host is running. +- key: docker + title: Docker + description: > + Docker stats collected from Docker. + short_config: false + anchor: docker-processor + fields: + - name: docker + type: group + fields: + - name: container.id + type: keyword + description: > + Unique container id. + - name: container.image + type: keyword + description: > + Name of the image the container was built on. + - name: container.name + type: keyword + description: > + Container name. + - name: container.labels + type: object + object_type: keyword + description: > + Image labels. +- key: host + title: Host + description: > + Info collected for the host machine. + anchor: host-processor + fields: + - name: host + type: group + fields: + - name: name + type: keyword + description: > + Hostname. + - name: id + type: keyword + description: > + Unique host id. + - name: architecture + type: keyword + description: > + Host architecture (e.g. x86_64, arm, ppc, mips). + - name: os.platform + type: keyword + description: > + OS platform (e.g. centos, ubuntu, windows). + - name: os.version + type: keyword + description: > + OS version. + - name: os.family + type: keyword + description: > + OS family (e.g. redhat, debian, freebsd, windows). 
+- key: kubernetes + title: Kubernetes + description: > + Kubernetes metadata added by the kubernetes processor + short_config: false + anchor: kubernetes-processor + fields: + - name: kubernetes + type: group + fields: + - name: pod.name + type: keyword + description: > + Kubernetes pod name + + - name: namespace + type: keyword + description: > + Kubernetes namespace + + - name: node.name + type: keyword + description: > + Kubernetes node name + + - name: labels + type: object + description: > + Kubernetes labels map + + - name: annotations + type: object + description: > + Kubernetes annotations map + + - name: container.name + type: keyword + description: > + Kubernetes container name + + - name: container.image + type: keyword + description: > + Kubernetes container image +- key: icingabeat + title: icingabeat + description: Data received from the Icinga 2 API + fields: + - name: timestamp + type: date + description: > + Timestamp of event occurrence + + - name: type + type: keyword + description: > + Type of the document + + - name: host + type: group + description: > + Details about the host. + fields: + - name: name + type: keyword + description: > + Hostname. 
+ + - name: service + type: keyword + description: > + Service that triggered the event + + - name: state + type: integer + description: > + State of the check + + - name: state_type + type: integer + description: > + State type of the check + + - name: author + type: keyword + description: > + Author of a message + + - name: notification_type + type: keyword + description: > + Type of notification + + - name: text + type: text + description: > + Text of a message + + - name: users + type: keyword + description: > + Affected users of a notification + + - name: acknowledgement_type + type: integer + description: > + Type of an acknowledgement + + - name: expiry + type: date + description: > + Expiry of an acknowledgement + + - name: notify + type: keyword + description: > + If has been sent out + + - name: check_result.active + type: boolean + description: > + If check was active or passive + + - name: check_result.check_source + type: keyword + description: > + Icinga instance that scheduled the check + + - name: check_result.command + type: text + description: > + Command that was executed + + - name: check_result.execution_end + type: date + description: > + Time when execution of check ended + + - name: check_result.execution_start + type: date + description: > + Time when execution of check started + + - name: check_result.exit_status + type: integer + description: > + Exit status + + - name: check_result.output + type: text + description: > + Output of check + + - name: check_result.performance_data + type: text + description: > + Performance data in text format + + - name: check_result.schedule_end + type: date + description: > + Time when scheduling of the check ended + + - name: check_result.schedule_start + type: date + description: > + Time when check was scheduled + + - name: check_result.state + type: integer + description: > + State of the check + + - name: check_result.type + type: keyword + description: > + Type of this event + + - name: 
check_result.vars_after.attempt + type: integer + description: > + Check attempt after check execution + + - name: check_result.vars_after.reachable + type: boolean + description: > + Reachable state after check execution + + - name: check_result.vars_after.state + type: integer + description: > + State of the check after execution + + - name: check_result.vars_after.state_type + type: integer + description: > + State type after execution + + - name: check_result.vars_before.attempt + type: integer + description: > + Check attempt before check execution + + - name: check_result.vars_before.reachable + type: boolean + description: > + Reachable state before check execution + + - name: check_result.vars_before.state + type: integer + description: > + Check state before check execution + + - name: check_result.vars_before.state_type + type: integer + description: > + State type before check execution + + - name: comment.__name + type: text + description: > + Unique identifier of a comment + + - name: comment.author + type: keyword + description: > + Author of a comment + + - name: comment.entry_time + type: date + description: > + Entry time of a comment + + - name: comment.entry_type + type: integer + description: > + Entry type of a comment + + - name: comment.expire_time + type: date + description: > + Expire time of a comment + + - name: comment.host_name + type: keyword + description: > + Host name of a comment + + - name: comment.legacy_id + type: integer + description: > + Legacy ID of a comment + + - name: comment.name + type: keyword + description: > + Identifier of a comment + + - name: comment.package + type: keyword + description: > + Config package of a comment + + - name: comment.service_name + type: keyword + description: > + Service name of a comment + + - name: comment.templates + type: text + description: > + Templates used by a comment + + - name: comment.text + type: text + description: > + Text of a comment + + - name: comment.type + type: keyword 
+ description: > + Comment type + + - name: comment.version + type: keyword + description: > + Config version of comment object + + - name: comment.zone + type: keyword + description: > + Zone where comment was generated + + - name: downtime.__name + type: text + description: > + Unique identifier of a downtime + + - name: downtime.author + type: keyword + description: > + Author of a downtime + + - name: downtime.comment + type: text + description: > + Text of a downtime + + - name: downtime.config_owner + type: text + description: > + Config owner + + - name: downtime.duration + type: integer + description: > + Duration of a downtime + + - name: downtime.end_time + type: date + description: > + Timestamp of downtime end + + - name: downtime.entry_time + type: date + description: > + Timestamp when downtime was created + + - name: downtime.fixed + type: boolean + description: > + If downtime is fixed or flexible + + - name: downtime.host_name + type: keyword + description: > + Hostname of a downtime + + - name: downtime.legacy_id + type: integer + description: > + The integer ID of a downtime + + - name: downtime.name + type: keyword + description: > + Downtime config identifier + + - name: downtime.package + type: keyword + description: > + Configuration package of downtime + + - name: downtime.scheduled_by + type: text + description: > + By whom downtime was scheduled + + - name: downtime.service_name + type: keyword + description: > + Service name of a downtime + + - name: downtime.start_time + type: date + description: > + Timestamp when downtime starts + + - name: downtime.templates + type: text + description: > + Templates used by this downtime + + - name: downtime.trigger_time + type: date + description: > + Timestamp when downtime was triggered + + - name: downtime.triggered_by + type: text + description: > + By whom downtime was triggered + + - name: downtime.triggers + type: text + description: > + Downtime triggers + + - name: downtime.type + type: 
keyword + description: > + Downtime type + + - name: downtime.version + type: keyword + description: > + Config version of downtime + + - name: downtime.was_cancelled + type: boolean + description: > + If downtime was cancelled + + - name: downtime.zone + type: keyword + description: > + Zone of downtime + + - name: status.active_host_checks + type: integer + description: > + Active host checks + + + - name: status.active_host_checks_15min + type: integer + description: > + Active host checks in the last 15 minutes + + + - name: status.active_host_checks_1min + type: integer + description: > + Acitve host checks in the last minute + + + - name: status.active_host_checks_5min + type: integer + description: > + Active host checks in the last 5 minutes + + + - name: status.active_service_checks + type: integer + description: > + Active service checks + + - name: status.active_service_checks_15min + type: integer + description: > + Active service checks in the last 15 minutes + + - name: status.active_service_checks_1min + type: integer + description: > + Active service checks in the last minute + + - name: status.active_service_checks_5min + type: integer + description: > + Active service checks in the last 5 minutes + + - name: status.api.identity + type: keyword + description: > + API identity + + - name: status.api.num_conn_endpoints + type: integer + description: > + Number of connected endpoints + + - name: status.api.num_endpoints + type: integer + description: > + Total number of endpoints + + - name: status.api.num_not_conn_endpoints + type: integer + description: > + Number of not connected endpoints + + - name: status.avg_execution_time + type: integer + description: > + Average execution time of checks + + - name: status.avg_latency + type: integer + description: > + Average latency time + + - name: status.checkercomponent.checker.idle + type: integer + description: > + Idle checks + + - name: status.checkercomponent.checker.pending + type: integer + 
description: > + Pending checks + + - name: status.filelogger.main-log + type: integer + description: > + Mainlog enabled + + - name: status.icingaapplication.app.enable_event_handlers + type: boolean + description: > + Event handlers enabled + + - name: status.icingaapplication.app.enable_flapping + type: boolean + description: > + Flapping detection enabled + + - name: status.icingaapplication.app.enable_host_checks + type: boolean + description: > + Host checks enabled + + - name: status.icingaapplication.app.enable_notifications + type: boolean + description: > + Notifications enabled + + - name: status.icingaapplication.app.enable_perfdata + type: boolean + description: > + Perfdata enabled + + - name: status.icingaapplication.app.enable_service_checks + type: boolean + description: > + Service checks enabled + + - name: status.icingaapplication.app.node_name + type: keyword + description: > + Node name + + - name: status.icingaapplication.app.pid + type: integer + description: > + PID + + - name: status.icingaapplication.app.program_start + type: integer + description: > + Time when Icinga started + + - name: status.icingaapplication.app.version + type: keyword + description: > + Version + + - name: status.idomysqlconnection.ido-mysql.connected + type: boolean + description: > + IDO connected + + - name: status.idomysqlconnection.ido-mysql.instance_name + type: keyword + description: > + IDO Instance name + + - name: status.idomysqlconnection.ido-mysql.query_queue_items + type: integer + description: > + IDO query items in the queue + + - name: status.idomysqlconnection.ido-mysql.version + type: keyword + description: > + IDO schema version + + - name: status.max_execution_time + type: integer + description: > + Max execution time + + - name: status.max_latency + type: integer + description: > + Max latency + + - name: status.min_execution_time + type: integer + description: > + Min execution time + + - name: status.min_latency + type: integer + description: 
> + Min latency + + - name: status.notificationcomponent.notification + type: integer + description: > + Notification + + - name: status.num_hosts_acknowledged + type: integer + description: > + Amount of acknowledged hosts + + - name: status.num_hosts_down + type: integer + description: > + Amount of down hosts + + - name: status.num_hosts_flapping + type: integer + description: > + Amount of flapping hosts + + - name: status.num_hosts_in_downtime + type: integer + description: > + Amount of hosts in downtime + + - name: status.num_hosts_pending + type: integer + description: > + Amount of pending hosts + + - name: status.num_hosts_unreachable + type: integer + description: > + Amount of unreachable hosts + + - name: status.num_hosts_up + type: integer + description: > + Amount of hosts in up state + + - name: status.num_services_acknowledged + type: integer + description: > + Amount of acknowledged services + + - name: status.num_services_critical + type: integer + description: > + Amount of critical services + + - name: status.num_services_flapping + type: integer + description: > + Amount of flapping services + + - name: status.num_services_in_downtime + type: integer + description: > + Amount of services in downtime + + - name: status.num_services_ok + type: integer + description: > + Amount of services in ok state + + - name: status.num_services_pending + type: integer + description: > + Amount of pending services + + - name: status.num_services_unknown + type: integer + description: > + Amount of unknown services + + - name: status.num_services_unreachable + type: integer + description: > + Amount of unreachable services + + - name: status.num_services_warning + type: integer + description: > + Amount of services in warning state + + - name: status.passive_host_checks + type: integer + description: > + Amount of passive host checks + + - name: status.passive_host_checks_15min + type: integer + description: > + Amount of passive host checks in the last 15 
minutes + + - name: status.passive_host_checks_1min + type: integer + description: > + Amount of passive host checks in the last minute + + - name: status.passive_host_checks_5min + type: integer + description: > + Amount of passive host checks in the last 5 minutes + + - name: status.passive_service_checks + type: integer + description: > + Amount of passive service checks + + - name: status.passive_service_checks_15min + type: integer + description: > + Amount of passive service checks in the last 15 minutes + + - name: status.passive_service_checks_1min + type: integer + description: > + Amount of passive service checks in the last minute + + - name: status.passive_service_checks_5min + type: integer + description: > + Amount of passive service checks in the last 5 minutes + + - name: status.uptime + type: integer + description: > + Uptime
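Review bot: `check_result.command` and `check_result.output` are mapped as full-text `text` fields with no caveat, yet check command lines can carry plugin arguments such as passwords or tokens, which would then be searchable by anyone with read access to the index. I would extend the description to say so, for example `Command that was executed; may include plugin arguments such as credentials, so restrict access to the index or drop the field`. Separately, the description of `status.active_host_checks_1min` is misspelled `Acitve host checks in the last minute` and should read `Active host checks in the last minute`. Both strings repeat the content of `_meta/fields.generated.yml`, so the wording is best corrected wherever these definitions are maintained rather than only in this file.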