698 lines
7.2 KiB
Plaintext
698 lines
7.2 KiB
Plaintext
|
|
////
|
|
This file is generated! See _meta/fields.yml and scripts/generate_field_docs.py
|
|
////
|
|
|
|
[[exported-fields]]
|
|
= Exported Fields
|
|
|
|
[partintro]
|
|
|
|
--
|
|
This document describes the fields that are exported by Icingabeat. They are
|
|
grouped in the following categories:
|
|
|
|
* <<exported-fields-beat>>
|
|
* <<exported-fields-cloud>>
|
|
* <<exported-fields-icingabeat>>
|
|
|
|
--
|
|
[[exported-fields-beat]]
|
|
== Beat Fields
|
|
|
|
Contains common beat fields available in all event types.
|
|
|
|
|
|
|
|
[float]
|
|
=== beat.name
|
|
|
|
The name of the Beat sending the log messages. If the Beat name is set in the configuration file, then that value is used. If it is not set, the hostname is used. To set the Beat name, use the `name` option in the configuration file.
|
|
|
|
|
|
[float]
|
|
=== beat.hostname
|
|
|
|
The hostname as returned by the operating system on which the Beat is running.
|
|
|
|
|
|
[float]
|
|
=== beat.version
|
|
|
|
The version of the beat that generated this event.
|
|
|
|
|
|
[float]
|
|
=== @timestamp
|
|
|
|
type: date
|
|
|
|
example: August 26th 2016, 12:35:53.332
|
|
|
|
format: date
|
|
|
|
required: True
|
|
|
|
The timestamp when the event log record was generated.
|
|
|
|
|
|
[float]
|
|
=== tags
|
|
|
|
Arbitrary tags that can be set per Beat and per transaction type.
|
|
|
|
|
|
[float]
|
|
=== fields
|
|
|
|
type: dict
|
|
|
|
Contains user configurable fields.
|
|
|
|
|
|
[[exported-fields-cloud]]
|
|
== Cloud Provider Metadata Fields
|
|
|
|
Metadata from cloud providers added by the add_cloud_metadata processor.
|
|
|
|
|
|
|
|
[float]
|
|
=== meta.cloud.provider
|
|
|
|
example: ec2
|
|
|
|
Name of the cloud provider. Possible values are ec2, gce, or digitalocean.
|
|
|
|
|
|
[float]
|
|
=== meta.cloud.instance_id
|
|
|
|
Instance ID of the host machine.
|
|
|
|
|
|
[float]
|
|
=== meta.cloud.machine_type
|
|
|
|
example: t2.medium
|
|
|
|
Machine type of the host machine.
|
|
|
|
|
|
[float]
|
|
=== meta.cloud.availability_zone
|
|
|
|
example: us-east-1c
|
|
|
|
Availability zone in which this host is running.
|
|
|
|
|
|
[float]
|
|
=== meta.cloud.project_id
|
|
|
|
example: project-x
|
|
|
|
Name of the project in Google Cloud.
|
|
|
|
|
|
[float]
|
|
=== meta.cloud.region
|
|
|
|
Region in which this host is running.
|
|
|
|
|
|
[[exported-fields-icingabeat]]
|
|
== icingabeat Fields
|
|
|
|
Data received from the Icinga 2 API
|
|
|
|
|
|
[float]
|
|
=== timestamp
|
|
|
|
type: date
|
|
|
|
Timestamp of event occurrence
|
|
|
|
|
|
[float]
|
|
=== type
|
|
|
|
type: keyword
|
|
|
|
Type of the document
|
|
|
|
|
|
[float]
|
|
=== host
|
|
|
|
type: keyword
|
|
|
|
Host that triggered the event
|
|
|
|
|
|
[float]
|
|
=== service
|
|
|
|
type: keyword
|
|
|
|
Service that triggered the event
|
|
|
|
|
|
[float]
|
|
=== state
|
|
|
|
type: integer
|
|
|
|
State of the check
|
|
|
|
|
|
[float]
|
|
=== state_type
|
|
|
|
type: integer
|
|
|
|
State type of the check
|
|
|
|
|
|
[float]
|
|
=== author
|
|
|
|
type: keyword
|
|
|
|
Author of a message
|
|
|
|
|
|
[float]
|
|
=== notification_type
|
|
|
|
type: keyword
|
|
|
|
Type of notification
|
|
|
|
|
|
[float]
|
|
=== text
|
|
|
|
type: text
|
|
|
|
Text of a message
|
|
|
|
|
|
[float]
|
|
=== users
|
|
|
|
type: text
|
|
|
|
Affected users of a notification
|
|
|
|
|
|
[float]
|
|
=== acknowledgement_type
|
|
|
|
type: integer
|
|
|
|
Type of an acknowledgement
|
|
|
|
|
|
[float]
|
|
=== expiry
|
|
|
|
type: date
|
|
|
|
Expiry of an acknowledgement
|
|
|
|
|
|
[float]
|
|
=== notify
|
|
|
|
type: keyword
|
|
|
|
If has been sent out
|
|
|
|
|
|
[float]
|
|
=== check_result.active
|
|
|
|
type: boolean
|
|
|
|
If check was active or passive
|
|
|
|
|
|
[float]
|
|
=== check_result.check_source
|
|
|
|
type: keyword
|
|
|
|
Icinga instance that scheduled the check
|
|
|
|
|
|
[float]
|
|
=== check_result.command
|
|
|
|
type: text
|
|
|
|
Command that was executed
|
|
|
|
|
|
[float]
|
|
=== check_result.execution_end
|
|
|
|
type: date
|
|
|
|
Time when execution of check ended
|
|
|
|
|
|
[float]
|
|
=== check_result.execution_start
|
|
|
|
type: date
|
|
|
|
Time when execution of check started
|
|
|
|
|
|
[float]
|
|
=== check_result.exit_status
|
|
|
|
type: integer
|
|
|
|
Exit status
|
|
|
|
|
|
[float]
|
|
=== check_result.output
|
|
|
|
type: text
|
|
|
|
Output of check
|
|
|
|
|
|
[float]
|
|
=== check_result.performance_data
|
|
|
|
type: text
|
|
|
|
Performance data in text format
|
|
|
|
|
|
[float]
|
|
=== check_result.schedule_end
|
|
|
|
type: date
|
|
|
|
Time when scheduling of the check ended
|
|
|
|
|
|
[float]
|
|
=== check_result.schedule_start
|
|
|
|
type: date
|
|
|
|
Time when check was scheduled
|
|
|
|
|
|
[float]
|
|
=== check_result.state
|
|
|
|
type: integer
|
|
|
|
State of the check
|
|
|
|
|
|
[float]
|
|
=== check_result.type
|
|
|
|
type: keyword
|
|
|
|
Type of this event
|
|
|
|
|
|
[float]
|
|
=== check_result.vars_after.attempt
|
|
|
|
type: integer
|
|
|
|
Check attempt after check execution
|
|
|
|
|
|
[float]
|
|
=== check_result.vars_after.reachable
|
|
|
|
type: boolean
|
|
|
|
Reachable state after check execution
|
|
|
|
|
|
[float]
|
|
=== check_result.vars_after.state
|
|
|
|
type: integer
|
|
|
|
State of the check after execution
|
|
|
|
|
|
[float]
|
|
=== check_result.vars_after.state_type
|
|
|
|
type: integer
|
|
|
|
State type after execution
|
|
|
|
|
|
[float]
|
|
=== check_result.vars_before.attempt
|
|
|
|
type: integer
|
|
|
|
Check attempt before check execution
|
|
|
|
|
|
[float]
|
|
=== check_result.vars_before.reachable
|
|
|
|
type: boolean
|
|
|
|
Reachable state before check execution
|
|
|
|
|
|
[float]
|
|
=== check_result.vars_before.state
|
|
|
|
type: integer
|
|
|
|
Check state before check execution
|
|
|
|
|
|
[float]
|
|
=== check_result.vars_before.state_type
|
|
|
|
type: integer
|
|
|
|
State type before check execution
|
|
|
|
|
|
[float]
|
|
=== comment.__name
|
|
|
|
type: text
|
|
|
|
Unique identifier of a comment
|
|
|
|
|
|
[float]
|
|
=== comment.author
|
|
|
|
type: keyword
|
|
|
|
Author of a comment
|
|
|
|
|
|
[float]
|
|
=== comment.entry_time
|
|
|
|
type: date
|
|
|
|
Entry time of a comment
|
|
|
|
|
|
[float]
|
|
=== comment.entry_type
|
|
|
|
type: integer
|
|
|
|
Entry type of a comment
|
|
|
|
|
|
[float]
|
|
=== comment.expire_time
|
|
|
|
type: date
|
|
|
|
Expire time of a comment
|
|
|
|
|
|
[float]
|
|
=== comment.host_name
|
|
|
|
type: keyword
|
|
|
|
Host name of a comment
|
|
|
|
|
|
[float]
|
|
=== comment.legacy_id
|
|
|
|
type: integer
|
|
|
|
Legacy ID of a comment
|
|
|
|
|
|
[float]
|
|
=== comment.name
|
|
|
|
type: keyword
|
|
|
|
Identifier of a comment
|
|
|
|
|
|
[float]
|
|
=== comment.package
|
|
|
|
type: keyword
|
|
|
|
Config package of a comment
|
|
|
|
|
|
[float]
|
|
=== comment.service_name
|
|
|
|
type: keyword
|
|
|
|
Service name of a comment
|
|
|
|
|
|
[float]
|
|
=== comment.templates
|
|
|
|
type: text
|
|
|
|
Templates used by a comment
|
|
|
|
|
|
[float]
|
|
=== comment.text
|
|
|
|
type: text
|
|
|
|
Text of a comment
|
|
|
|
|
|
[float]
|
|
=== comment.type
|
|
|
|
type: keyword
|
|
|
|
Comment type
|
|
|
|
|
|
[float]
|
|
=== comment.version
|
|
|
|
type: keyword
|
|
|
|
Config version of comment object
|
|
|
|
|
|
[float]
|
|
=== comment.zone
|
|
|
|
type: keyword
|
|
|
|
Zone where comment was generated
|
|
|
|
|
|
[float]
|
|
=== downtime.__name
|
|
|
|
type: text
|
|
|
|
Unique identifier of a downtime
|
|
|
|
|
|
[float]
|
|
=== downtime.author
|
|
|
|
type: keyword
|
|
|
|
Author of a downtime
|
|
|
|
|
|
[float]
|
|
=== downtime.comment
|
|
|
|
type: text
|
|
|
|
Text of a downtime
|
|
|
|
|
|
[float]
|
|
=== downtime.config_owner
|
|
|
|
type: text
|
|
|
|
Config owner
|
|
|
|
|
|
[float]
|
|
=== downtime.duration
|
|
|
|
type: integer
|
|
|
|
Duration of a downtime
|
|
|
|
|
|
[float]
|
|
=== downtime.end_time
|
|
|
|
type: date
|
|
|
|
Timestamp of downtime end
|
|
|
|
|
|
[float]
|
|
=== downtime.entry_time
|
|
|
|
type: date
|
|
|
|
Timestamp when downtime was created
|
|
|
|
|
|
[float]
|
|
=== downtime.fixed
|
|
|
|
type: boolean
|
|
|
|
If downtime is fixed or flexible
|
|
|
|
|
|
[float]
|
|
=== downtime.host_name
|
|
|
|
type: keyword
|
|
|
|
Hostname of a downtime
|
|
|
|
|
|
[float]
|
|
=== downtime.legacy_id
|
|
|
|
type: integer
|
|
|
|
The integer ID of a downtime
|
|
|
|
|
|
[float]
|
|
=== downtime.name
|
|
|
|
type: keyword
|
|
|
|
Downtime config identifier
|
|
|
|
|
|
[float]
|
|
=== downtime.package
|
|
|
|
type: keyword
|
|
|
|
Configuration package of downtime
|
|
|
|
|
|
[float]
|
|
=== downtime.scheduled_by
|
|
|
|
type: text
|
|
|
|
By whom downtime was scheduled
|
|
|
|
|
|
[float]
|
|
=== downtime.service_name
|
|
|
|
type: keyword
|
|
|
|
Service name of a downtime
|
|
|
|
|
|
[float]
|
|
=== downtime.start_time
|
|
|
|
type: date
|
|
|
|
Timestamp when downtime starts
|
|
|
|
|
|
[float]
|
|
=== downtime.templates
|
|
|
|
type: text
|
|
|
|
Templates used by this downtime
|
|
|
|
|
|
[float]
|
|
=== downtime.trigger_time
|
|
|
|
type: date
|
|
|
|
Timestamp when downtime was triggered
|
|
|
|
|
|
[float]
|
|
=== downtime.triggered_by
|
|
|
|
type: text
|
|
|
|
By whom downtime was triggered
|
|
|
|
|
|
[float]
|
|
=== downtime.triggers
|
|
|
|
type: text
|
|
|
|
Downtime triggers
|
|
|
|
|
|
[float]
|
|
=== downtime.type
|
|
|
|
type: keyword
|
|
|
|
Downtime type
|
|
|
|
|
|
[float]
|
|
=== downtime.version
|
|
|
|
type: keyword
|
|
|
|
Config version of downtime
|
|
|
|
|
|
[float]
|
|
=== downtime.was_cancelled
|
|
|
|
type: boolean
|
|
|
|
If downtime was cancelled
|
|
|
|
|
|
[float]
|
|
=== downtime.zone
|
|
|
|
type: keyword
|
|
|
|
Zone of downtime
|
|
|
|
|