ECS Version:
Base
All fields defined directly at the root of the events.
Fields
Field Summary
| Field | Type | Level | Description |
|---|---|---|---|
@timestamp | date | Core | Date/time when the event originated. |
labels | object | Core | Custom key/value pairs. |
message | match_only_text | Core | Log message optimized for viewing in a log viewer. |
tags | keyword | Core | List of keywords used to tag each event. |
Field Details
@timestamp
Type: date
Level: Core
Description: Date/time when the event originated.
Example: 2016-05-23T08:05:34.853Z
Indexed: true
labels
Type: object
Level: Core
Description: Custom key/value pairs.
Example: {"application": "foo-bar", "env": "production"}
Indexed: true
message
Type: match_only_text
Level: Core
Description: Log message optimized for viewing in a log viewer.
Example: Hello World
Indexed: true
tags
Type: keyword
Level: Core
Description: List of keywords used to tag each event.
Example: ["production", "env2"]
Normalization: array
Indexed: true