Elastic
Start free trial Contact Sales
Loading

HTTP fields

Elastic Stack Serverless

Fields related to HTTP activity. Use the url field set to store the url of the request.

HTTP field details

Field Description Level
http.request.body.bytes Size in bytes of the request body.

type: long

example: 887

OTel Badge relation http.request.body.size
 extended
http.request.body.content The full HTTP request body.

type: wildcard

Multi-fields:

- http.request.body.content.text (type: match_only_text)

example: Hello world
 extended
http.request.bytes Total size in bytes of the request (body and headers).

type: long

example: 1437

OTel Badge relation http.request.size
 extended
http.request.id A unique identifier for each HTTP request to correlate logs between clients and servers in transactions.

The id may be contained in a non-standard HTTP header, such as X-Request-ID or X-Correlation-ID.

type: keyword

example: 123e4567-e89b-12d3-a456-426614174000
 extended
http.request.method HTTP request method.

The value should retain its casing from the original event. For example, GET, get, and GeT are all considered valid values for this field.

type: keyword

example: POST

OTel Badge relation http.request.method_original

OTel Badge relation http.request.method

Note: http.request.method in SemConv is the known, normalized, upper case value of the request method, other than the ECS' http.request.method that retains casing from the original event.
 extended
http.request.mime_type Mime type of the body of the request.

This value must only be populated based on the content of the request body, not on the Content-Type header. Comparing the mime type of a request with the request’s Content-Type header can be helpful in detecting threats or misconfigured clients.

type: keyword

example: image/gif
 extended
http.request.referrer Referrer for this HTTP request.

type: keyword

example: https://blog.example.com/
 extended
http.response.body.bytes Size in bytes of the response body.

type: long

example: 887

OTel Badge relation http.response.body.size
 extended
http.response.body.content The full HTTP response body.

type: wildcard

Multi-fields:

- http.response.body.content.text (type: match_only_text)

example: Hello world
 extended
http.response.bytes Total size in bytes of the response (body and headers).

type: long

example: 1437

OTel Badge relation http.response.size
 extended
http.response.mime_type Mime type of the body of the response.

This value must only be populated based on the content of the response body, not on the Content-Type header. Comparing the mime type of a response with the response’s Content-Type header can be helpful in detecting misconfigured servers.

type: keyword

example: image/gif
 extended
http.response.status_code HTTP response status code.

type: long

example: 404

OTel Badge relation http.response.status_code
 extended
http.version HTTP version.

type: keyword

example: 1.1

OTel Badge relation network.protocol.name

OTel Badge relation network.protocol.version

Note: In OTel SemConv, network.protocol.version specifies the HTTP version if the value of network.protocol.name is http.
 extended