ECS Version:

URL

Fields that let you store URLs in various forms.

Fields

Field Summary

Field	Type	Level	Description
`url.domain`	keyword	Extended	Domain of the url.
`url.extension`	keyword	Extended	File extension from the request url, excluding the leading dot.
`url.fragment`	keyword	Extended	Portion of the url after the `#`.
`url.full`	wildcard	Extended	Full unparsed URL.
`url.full.text`	match_only_text	Extended	Full unparsed URL.
`url.original`	wildcard	Extended	Unmodified original url as seen in the event source.
`url.original.text`	match_only_text	Extended	Unmodified original url as seen in the event source.
`url.password`	keyword	Extended	Password of the request.
`url.path`	wildcard	Extended	Path of the request, such as "/search".
`url.port`	long	Extended	Port of the request, such as 443.
`url.query`	keyword	Extended	Query string of the request.
`url.registered_domain`	keyword	Extended	The highest registered url domain, stripped of the subdomain.
`url.scheme`	keyword	Extended	Scheme of the url.
`url.subdomain`	keyword	Extended	The subdomain of the domain.
`url.top_level_domain`	keyword	Extended	The effective top level domain (com, org, net, co.uk).
`url.username`	keyword	Extended	Username of the request.

Field Details

`url.domain`

Type: keyword

Level: Extended

Description: Domain of the url.

Example: www.elastic.co

Indexed: true

`url.extension`

Type: keyword

Level: Extended

Description: File extension from the request url, excluding the leading dot.

Example: png

Indexed: true

`url.fragment`

Type: keyword

Level: Extended

Description: Portion of the url after the #.

Indexed: true

`url.full`

Type: wildcard

Level: Extended

Description: Full unparsed URL.

Example: https://www.elastic.co:443/search?q=elasticsearch#top

Indexed: true

`url.full.text`

Type: match_only_text

Level: Extended

Description: Full unparsed URL.

Example: https://www.elastic.co:443/search?q=elasticsearch#top

Indexed: true

`url.original`

Type: wildcard

Level: Extended

Description: Unmodified original url as seen in the event source.

Example: https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch

Indexed: true

`url.original.text`

Type: match_only_text

Level: Extended

Description: Unmodified original url as seen in the event source.

Example: https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch

Indexed: true

`url.password`

Type: keyword

Level: Extended

Description: Password of the request.

Indexed: true

`url.path`

Type: wildcard

Level: Extended

Description: Path of the request, such as "/search".

Indexed: true

`url.port`

Type: long

Level: Extended

Description: Port of the request, such as 443.

Example: 443

Indexed: true

`url.query`

Type: keyword

Level: Extended

Description: Query string of the request.

Indexed: true

`url.registered_domain`

Type: keyword

Level: Extended

Description: The highest registered url domain, stripped of the subdomain.

Example: example.com

Indexed: true

`url.scheme`

Type: keyword

Level: Extended

Description: Scheme of the url.

Example: https

Indexed: true

`url.subdomain`

Type: keyword

Level: Extended

Description: The subdomain of the domain.

Example: east

Indexed: true

`url.top_level_domain`

Type: keyword

Level: Extended

Description: The effective top level domain (com, org, net, co.uk).

Example: co.uk

Indexed: true

`url.username`

Type: keyword

Level: Extended

Description: Username of the request.

Indexed: true

Transaction User