# Licensed to Elasticsearch B.V. under one or more contributor # license agreements. See the NOTICE file distributed with # this work for additional information regarding copyright # ownership. Elasticsearch B.V. licenses this file to you under # the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. --- - name: http title: HTTP group: 2 short: Fields describing an HTTP request. description: > Fields related to HTTP activity. Use the `url` field set to store the url of the request. type: group fields: - name: request.id level: extended type: keyword short: HTTP request ID. description: > A unique identifier for each HTTP request to correlate logs between clients and servers in transactions. The id may be contained in a non-standard HTTP header, such as `X-Request-ID` or `X-Correlation-ID`. example: 123e4567-e89b-12d3-a456-426614174000 - name: request.method level: extended type: keyword short: HTTP request method. description: > HTTP request method. The value should retain its casing from the original event. For example, `GET`, `get`, and `GeT` are all considered valid values for this field. example: POST - name: request.mime_type level: extended type: keyword short: Mime type of the body of the request. description: > Mime type of the body of the request. This value must only be populated based on the content of the request body, not on the `Content-Type` header. Comparing the mime type of a request with the request's Content-Type header can be helpful in detecting threats or misconfigured clients. example: image/gif - name: request.body.content level: extended type: wildcard description: > The full HTTP request body. example: Hello world multi_fields: - type: match_only_text name: text - name: request.referrer level: extended type: keyword description: > Referrer for this HTTP request. example: https://blog.example.com/ - name: response.status_code format: string level: extended type: long description: > HTTP response status code. example: 404 - name: response.mime_type level: extended type: keyword short: Mime type of the body of the response. description: > Mime type of the body of the response. This value must only be populated based on the content of the response body, not on the `Content-Type` header. Comparing the mime type of a response with the response's Content-Type header can be helpful in detecting misconfigured servers. example: image/gif - name: response.body.content level: extended type: wildcard description: > The full HTTP response body. example: Hello world multi_fields: - type: match_only_text name: text - name: version level: extended type: keyword description: > HTTP version. example: 1.1 # Metrics - name: request.bytes level: extended type: long format: bytes description: > Total size in bytes of the request (body and headers). example: 1437 - name: request.body.bytes level: extended type: long format: bytes description: > Size in bytes of the request body. example: 887 - name: response.bytes level: extended type: long format: bytes description: > Total size in bytes of the response (body and headers). example: 1437 - name: response.body.bytes level: extended type: long format: bytes description: > Size in bytes of the response body. example: 887