⚠️ Outdated Version: You are viewing ECS version 1.12, which is outdated. View the latest version (9.0)

ECS Version:

Log

Details about the event's logging mechanism.

Fields

Field Summary

Field	Type	Level	Description
`log.file.path`	keyword	Extended	Full path to the log file this event came from.
`log.level`	keyword	Core	Log level of the log event.
`log.logger`	keyword	Core	Name of the logger.
`log.origin.file.line`	integer	Extended	The line number of the file which originated the log event.
`log.origin.file.name`	keyword	Extended	The code file which originated the log event.
`log.origin.function`	keyword	Extended	The function which originated the log event.
`log.original`	keyword	Core	Deprecated original log message with light interpretation only (encoding, newlines).
`log.syslog`	object	Extended	Syslog metadata
`log.syslog.facility.code`	long	Extended	Syslog numeric facility of the event.
`log.syslog.facility.name`	keyword	Extended	Syslog text-based facility of the event.
`log.syslog.priority`	long	Extended	Syslog priority of the event.
`log.syslog.severity.code`	long	Extended	Syslog numeric severity of the event.
`log.syslog.severity.name`	keyword	Extended	Syslog text-based severity of the event.

Field Details

`log.file.path`

Type: keyword

Level: Extended

Description: Full path to the log file this event came from.

Example: /var/log/fun-times.log

Indexed: true

`log.level`

Type: keyword

Level: Core

Description: Log level of the log event.

Example: error

Indexed: true

`log.logger`

Type: keyword

Level: Core

Description: Name of the logger.

Example: org.elasticsearch.bootstrap.Bootstrap

Indexed: true

`log.origin.file.line`

Type: integer

Level: Extended

Description: The line number of the file which originated the log event.

Example: 42

Indexed: true

`log.origin.file.name`

Type: keyword

Level: Extended

Description: The code file which originated the log event.

Example: Bootstrap.java

Indexed: true

`log.origin.function`

Type: keyword

Level: Extended

Description: The function which originated the log event.

Example: init

Indexed: true

`log.original`

Type: keyword

Level: Core

Description: Deprecated original log message with light interpretation only (encoding, newlines).

Example: Sep 19 08:26:10 localhost My log

Indexed: false

`log.syslog`

Type: object

Level: Extended

Description: Syslog metadata

Indexed: true

`log.syslog.facility.code`

Type: long

Level: Extended

Description: Syslog numeric facility of the event.

Example: 23

Indexed: true

`log.syslog.facility.name`

Type: keyword

Level: Extended

Description: Syslog text-based facility of the event.

Example: local7

Indexed: true

`log.syslog.priority`

Type: long

Level: Extended

Description: Syslog priority of the event.

Example: 135

Indexed: true

`log.syslog.severity.code`

Type: long

Level: Extended

Description: Syslog numeric severity of the event.

Example: 3

Indexed: true

`log.syslog.severity.name`

Type: keyword

Level: Extended

Description: Syslog text-based severity of the event.

Example: Error

Indexed: true

HTTP Network