forked from elastic/ecs
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathservice.yml
107 lines (87 loc) · 3.59 KB
/
service.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
---
- name: service
title: Service
group: 2
short: Fields describing the service for or from which the data was collected.
description: >
The service fields describe the service for or from which the data was collected.
These fields help you find and correlate logs for a specific
service and version.
type: group
fields:
- name: id
level: core
type: keyword
short: Unique identifier of the running service.
description: >
Unique identifier of the running service. If the service is comprised of
many nodes, the `service.id` should be the same for all nodes.
This id should uniquely identify the service. This makes it possible
to correlate logs and metrics for one specific service, no matter which
particular node emitted the event.
Note that if you need to see the events from one specific host of the
service, you should filter on that `host.name` or `host.id` instead.
example: d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6
- name: name
level: core
type: keyword
example: "elasticsearch-metrics"
short: Name of the service.
description: >
Name of the service data is collected from.
The name of the service is normally user given. This allows for
distributed services that run on multiple hosts to correlate the
related instances based on the name.
In the case of Elasticsearch the `service.name` could contain the cluster
name. For Beats the `service.name` is by default a copy of the `service.type`
field if no name is specified.
- name: node.name
level: extended
type: keyword
example: "instance-0000000016"
short: Name of the service node.
description: >
Name of a service node.
This allows for two nodes of the same service running on the same
host to be differentiated. Therefore, `service.node.name` should
typically be unique across nodes of a given service.
In the case of Elasticsearch, the `service.node.name` could contain
the unique node name within the Elasticsearch cluster.
In cases where the service doesn't have the concept of a node name,
the host name or container name can be used to distinguish running
instances that make up this service. If those do not provide uniqueness
(e.g. multiple instances of the service running on the same host) - the
node name can be manually set.
- name: type
level: core
type: keyword
example: "elasticsearch"
short: The type of the service.
description: >
The type of the service data is collected from.
The type can be used to group and correlate logs and metrics from one
service type.
Example: If logs or metrics are collected from Elasticsearch, `service.type` would be
`elasticsearch`.
- name: state
level: core
type: keyword
description: >
Current state of the service.
- name: version
level: core
type: keyword
example: "3.2.4"
short: Version of the service.
description: >
Version of the service the data was collected from.
This allows to look at a data set only for a specific version of a
service.
- name: ephemeral_id
level: extended
type: keyword
short: Ephemeral identifier of this service.
description: >
Ephemeral identifier of this service (if one exists).
This id normally changes across restarts, but `service.id` does not.
example: 8a4f500f