--- title: Elasticsearch fields description: elasticsearch Module GC fileset fields. Fields specific to GC phase. Process CPU time spent performing collections. Heap allocation and total size. Old... url: https://www.elastic.co/elastic/docs-builder/docs/3016/reference/beats/filebeat/exported-fields-elasticsearch products: - Beats - Filebeat applies_to: - Elastic Cloud Serverless: Generally available - Elastic Stack: Generally available --- # Elasticsearch fields elasticsearch Module ## elasticsearch Elasticsearch component from where the log event originated type: keyword example: o.e.c.m.MetaDataCreateIndexService UUID of the cluster type: keyword example: GmvrbHlNTiSVYiPf8kxg9g Name of the cluster type: keyword example: docker-cluster ID of the node type: keyword example: DSiWcTyeThWtUXLB9J0BMw Name of the node type: keyword example: vWNJsZ3 Index name type: keyword example: filebeat-test-input Index id type: keyword example: aOGgDwbURfCV57AScqbCgw Id of the shard type: keyword example: 0 Used by Elastic stack to identify which component of the stack sent the request type: keyword example: kibana Used by Elasticsearch to throttle and deduplicate deprecation warnings type: keyword example: v7app Category of the deprecation event type: keyword example: compatible_api The layer from which this event originated: rest, transport or ip_filter type: keyword example: rest The type of event that occurred: anonymous_access_denied, authentication_failed, access_denied, access_granted, connection_granted, connection_denied, tampered_request, run_as_granted, run_as_denied type: keyword example: access_granted Where the request originated: rest (request originated from a REST API request), transport (request was received on the transport channel), local_node (the local node issued the request) type: keyword example: local_node The authentication realm the authentication was validated against type: keyword The user's authentication realm, if authenticated type: keyword Roles to which the principal belongs type: keyword example: ['kibana_admin', 'beats_admin'] type: keyword type: keyword type: keyword The name of the action that was executed type: keyword example: cluster:monitor/main REST URI parameters example: {username=jacknich2} Indices accessed by action type: keyword example: ['foo-2019.01.04', 'foo-2019.01.03', 'foo-2019.01.06'] Unique ID of request type: keyword example: WzL_kb6VSvOhAq0twPvHOQ The type of request that was executed type: keyword example: ClearScrollRequest type: alias alias to: http.request.body.content type: alias alias to: source.ip type: alias alias to: url.original type: alias alias to: user.name type: text type: boolean type: keyword type: text ## deprecation ## gc GC fileset fields. ## phase Fields specific to GC phase. Name of the GC collection phase. type: keyword Collection phase duration according to the Java virtual machine. type: float Pause time in seconds cleaning up symbol tables. type: float Pause time in seconds cleaning up string tables. type: float Time spent processing weak references in seconds. type: float Time spent in seconds marking live objects while application is stopped. type: float Time spent unloading unused classes in seconds. type: float ## cpu_time Process CPU time spent performing collections. CPU time spent outside the kernel. type: float CPU time spent inside the kernel. type: float Total elapsed CPU time spent to complete the collection from start to finish. type: float The time from JVM start up in seconds, as a floating point number. type: float Garbage collection threads total stop time seconds. type: float Time took to stop threads seconds. type: float GC logging tags. type: keyword ## heap Heap allocation and total size. Total heap size in kilobytes. type: integer Used heap in kilobytes. type: integer ## old_gen Old generation occupancy and total size. Total size of old generation in kilobytes. type: integer Old generation occupancy in kilobytes. type: integer ## young_gen Young generation occupancy and total size. Total size of young generation in kilobytes. type: integer Young generation occupancy in kilobytes. type: integer ## server Server log file Field is not indexed. ## gc GC log ## young Young GC type: long example: type: long example: Sequence number type: long example: 3449992 Time spent in GC, in milliseconds type: float example: 1600 Total time over which collection was observed, in milliseconds type: float example: 1800 ## slowlog Slowlog events from Elasticsearch Logger name type: keyword example: index.search.slowlog.fetch Time it took to execute the query type: keyword example: 300ms Types type: keyword example: Stats groups type: keyword example: group1 Search type type: keyword example: QUERY_THEN_FETCH Slow query type: keyword example: {"query":{"match_all":{"boost":1.0}}} Extra source information type: keyword example: Total hits type: keyword example: 42 Total queried shards type: keyword example: 22 Routing type: keyword example: s01HZ2QBk9jw4gtgaFtn Id type: keyword example: Type type: keyword example: doc Source of document that was indexed type: keyword The authentication realm the user was authenticated against type: keyword example: default_file The authentication realm the effective user was authenticated against type: keyword example: default_file The authentication type used to authenticate the user. One of TOKEN | REALM | API_KEY type: keyword example: REALM The id of the API key used type: keyword example: WzL_kb6VSvOhAq0twPvHOQ The name of the API key used type: keyword example: my-api-key