--- title: System fields description: System status metrics, like CPU and memory usage, that are collected from the operating system. Process metrics. system contains local system metrics... url: https://www.elastic.co/elastic/docs-builder/docs/3016/reference/beats/metricbeat/exported-fields-system products: - Beats - Metricbeat applies_to: - Elastic Cloud Serverless: Generally available - Elastic Stack: Generally available --- # System fields System status metrics, like CPU and memory usage, that are collected from the operating system. ## process Process metrics. The process state. For example: "running". type: keyword The percentage of CPU time spent by the process since the last event. This value is normalized by the number of CPU cores and it ranges from 0 to 1. type: scaled_float format: percent The time when the process was started. type: date The percentage of memory the process occupied in main memory (RAM). type: scaled_float format: percent ## system `system` contains local system metrics. ## core `system-core` contains CPU metrics for a single core of a multi-core system. CPU Core number. type: long Total active time spent by the core type: scaled_float format: percent The percentage of CPU time spent in user space. type: scaled_float format: percent The amount of CPU time spent in user space. type: long The percentage of CPU time spent in kernel space. type: scaled_float format: percent The amount of CPU time spent in kernel space. type: long The percentage of CPU time spent on low-priority processes. type: scaled_float format: percent The amount of CPU time spent on low-priority processes. type: long The percentage of CPU time spent idle. type: scaled_float format: percent The amount of CPU time spent idle. type: long The percentage of CPU time spent in wait (on disk). type: scaled_float format: percent The amount of CPU time spent in wait (on disk). type: long The percentage of CPU time spent servicing and handling hardware interrupts. type: scaled_float format: percent The amount of CPU time spent servicing and handling hardware interrupts. type: long The percentage of CPU time spent servicing and handling software interrupts. type: scaled_float format: percent The amount of CPU time spent servicing and handling software interrupts. type: long The percentage of CPU time spent in involuntary wait by the virtual CPU while the hypervisor was servicing another processor. Available only on Unix. type: scaled_float format: percent The amount of CPU time spent in involuntary wait by the virtual CPU while the hypervisor was servicing another processor. Available only on Unix. type: long CPU model number. Only availabe on Linux type: keyword CPU model name. Only availabe on Linux type: keyword CPU core current clock. Only availabe on Linux type: float CPU physical core ID. One core might might execute multiple threads, hence more than one `system.core.id` can share the same `system.core.core_id`. Only availabe on Linux type: keyword CPU core physical ID. Only availabe on Linux type: keyword ## cpu `cpu` contains local CPU stats. The number of CPU cores present on the host. The non-normalized percentages will have a maximum value of `100% * cores`. The normalized percentages already take this value into account and have a maximum value of 100%. type: long The percentage of CPU time spent in user space. On multi-core systems, you can have percentages that are greater than 100%. For example, if 3 cores are at 60% use, then the `system.cpu.user.pct` will be 180%. type: scaled_float format: percent The percentage of CPU time spent in kernel space. type: scaled_float format: percent The percentage of CPU time spent on low-priority processes. type: scaled_float format: percent The percentage of CPU time spent idle. type: scaled_float format: percent The percentage of CPU time spent in wait (on disk). type: scaled_float format: percent The percentage of CPU time spent servicing and handling hardware interrupts. type: scaled_float format: percent The percentage of CPU time spent servicing and handling software interrupts. type: scaled_float format: percent The percentage of CPU time spent in involuntary wait by the virtual CPU while the hypervisor was servicing another processor. Available only on Unix. type: scaled_float format: percent The percentage of CPU time spent in states other than Idle and IOWait. type: scaled_float format: percent The percentage of CPU time spent in user space. type: scaled_float format: percent The percentage of CPU time spent in kernel space. type: scaled_float format: percent The percentage of CPU time spent on low-priority processes. type: scaled_float format: percent The percentage of CPU time spent idle. type: scaled_float format: percent The percentage of CPU time spent in wait (on disk). type: scaled_float format: percent The percentage of CPU time spent servicing and handling hardware interrupts. type: scaled_float format: percent The percentage of CPU time spent servicing and handling software interrupts. type: scaled_float format: percent The percentage of CPU time spent in involuntary wait by the virtual CPU while the hypervisor was servicing another processor. Available only on Unix. type: scaled_float format: percent The percentage of CPU time in states other than Idle and IOWait, normalised by the number of cores. type: scaled_float format: percent The amount of CPU time spent in user space. type: long The amount of CPU time spent in kernel space. type: long The amount of CPU time spent on low-priority processes. type: long The amount of CPU time spent idle. type: long The amount of CPU time spent in wait (on disk). type: long The amount of CPU time spent servicing and handling hardware interrupts. type: long The amount of CPU time spent servicing and handling software interrupts. type: long The amount of CPU time spent in involuntary wait by the virtual CPU while the hypervisor was servicing another processor. Available only on Unix. type: long ## diskio `disk` contains disk IO metrics collected from the operating system. The disk name. type: keyword example: sda1 The disk's serial number. This may not be provided by all operating systems. type: keyword The total number of reads completed successfully. type: long The total number of writes completed successfully. type: long The total number of bytes read successfully. On Linux this is the number of sectors read multiplied by an assumed sector size of 512. type: long format: bytes The total number of bytes written successfully. On Linux this is the number of sectors written multiplied by an assumed sector size of 512. type: long format: bytes The total number of milliseconds spent by all reads. type: long The total number of milliseconds spent by all writes. type: long The total number of of milliseconds spent doing I/Os. type: long The total number of I/Os in progress. type: long ## entropy Available system entropy The available bits of entropy type: long The percentage of available entropy, relative to the pool size of 4096 type: scaled_float format: percent ## filesystem `filesystem` contains local filesystem stats. The disk space available to an unprivileged user in bytes. type: long format: bytes The disk name. For example: `/dev/disk1` type: keyword The disk type. For example: `ext4`. In some case for Windows OS the value will be `unavailable` as access to this information is not allowed (ex. external disks). type: keyword The mounting point. For example: `/` type: keyword Total number of inodes on the system, which will be a combination of files, folders, symlinks, and devices. type: long The options present on the filesystem mount. type: keyword The disk space available in bytes. type: long format: bytes The number of free inodes in the file system. type: long The total disk space in bytes. type: long format: bytes The used disk space in bytes. type: long format: bytes The percentage of used disk space. type: scaled_float format: percent ## fsstat `system.fsstat` contains filesystem metrics aggregated from all mounted filesystems. Number of file systems found. type: long Total number of inodes on the system, which will be a combination of files, folders, symlinks, and devices. Not on Windows. type: long ## total_size Nested file system docs. Total free space. type: long format: bytes Total used space. type: long format: bytes Total space (used plus free). type: long format: bytes ## load CPU load averages. Load average for the last minute. type: scaled_float Load average for the last 5 minutes. type: scaled_float Load average for the last 15 minutes. type: scaled_float Load for the last minute divided by the number of cores. type: scaled_float Load for the last 5 minutes divided by the number of cores. type: scaled_float Load for the last 15 minutes divided by the number of cores. type: scaled_float The number of CPU cores present on the host. type: long ## memory `memory` contains local memory stats. Total memory. type: long format: bytes Used memory. type: long format: bytes The total amount of free memory in bytes. This value does not include memory consumed by system caches and buffers (see system.memory.actual.free). type: long format: bytes Total Cached memory on system. type: long format: bytes The percentage of used memory. type: scaled_float format: percent ## actual Actual memory used and free. Actual used memory in bytes. It represents the difference between the total and the available memory. The available memory depends on the OS. For more details, please check `system.actual.free`. type: long format: bytes Actual free memory in bytes. It is calculated based on the OS. On Linux this value will be MemAvailable from /proc/meminfo, or calculated from free memory plus caches and buffers if /proc/meminfo is not available. On OSX it is a sum of free memory and the inactive memory. On Windows, it is equal to `system.memory.free`. type: long format: bytes The percentage of actual used memory. type: scaled_float format: percent ## swap This group contains statistics related to the swap memory usage on the system. Total swap memory. type: long format: bytes Used swap memory. type: long format: bytes Available swap memory. type: long format: bytes The percentage of used swap memory. type: scaled_float format: percent ## zswap Metrics for the zswap compressed swap cache. Available on Linux when zswap is enabled. Current compressed size of data stored in zswap. type: long format: bytes Original uncompressed size of data stored in zswap. type: long format: bytes ## debug Detailed zswap statistics from /sys/kernel/debug/zswap. Requires debugfs to be mounted and accessible. Number of load or writeback attempts that failed due to decompression failure. type: long Number of times the zswap pool limit was hit, as configured by the zswap.max_pool_percent kernel parameter. type: long Total size of the zswap pool in bytes. type: long format: bytes Number of store attempts that failed because the underlying allocator could not get memory. type: long Number of store attempts that failed due to compression algorithm failure. type: long Number of store attempts rejected because the compressed page was too big for the allocator to optimally store. type: long Number of store attempts that failed because the entry metadata could not be allocated (rare). type: long Number of store attempts that failed due to a reclaim failure after pool limit was reached. type: long Number of incompressible pages currently stored in zswap. type: long Number of pages currently stored in zswap. type: long Number of pages written back from zswap to swap when pool limit was reached. type: long ## network `network` contains network IO metrics for a single network interface. The network interface name. type: keyword example: eth0 The number of bytes sent. type: long format: bytes The number of bytes received. type: long format: bytes The number of packets sent. type: long The number or packets received. type: long The number of errors while receiving. type: long The number of errors while sending. type: long The number of incoming packets that were dropped. type: long The number of outgoing packets that were dropped. This value is always 0 on Darwin and BSD because it is not reported by the operating system. type: long ## network_summary - Elastic Stack: Beta Metrics relating to global network activity IP counters type: object TCP counters type: object UDP counters type: object UDP Lite counters type: object ICMP counters type: object ## ntp - Elastic Stack: Beta since 9.2 `ntp` contains Network Time Protocol (NTP) metrics. The remote NTP server address. type: keyword The estimated offset of the local host's system clock relative to the server's clock (in ns). type: long ## process `process` contains process metadata, CPU metrics, and memory metrics. type: alias alias to: process.name The process state. For example: "running". type: keyword type: alias alias to: process.pid type: alias alias to: process.parent.pid type: alias alias to: process.pgid Number of threads in the process type: integer The full command-line used to start the process, including the arguments separated by space. type: keyword type: alias alias to: user.name type: alias alias to: process.working_directory The environment variables used to start the process. The data is available on FreeBSD, Linux, and OS X. type: object ## cpu CPU-specific statistics per process. The amount of CPU time the process spent in user space. type: long The value of CPU usage since starting the process. type: long The percentage of CPU time spent by the process since the last update. Its value is similar to the %CPU value of the process displayed by the top command on Unix systems. type: scaled_float format: percent The percentage of CPU time spent by the process since the last event. This value is normalized by the number of CPU cores and it ranges from 0 to 100%. type: scaled_float format: percent The amount of CPU time the process spent in kernel space. type: long The total CPU time spent by the process. type: long The time when the process was started. type: date ## memory Memory-specific statistics per process. The total virtual memory the process has. On Windows this represents the Commit Charge (the total amount of memory that the memory manager has committed for a running process) value in bytes for this process. type: long format: bytes The Resident Set Size. The amount of memory the process occupied in main memory (RAM). On Windows this represents the current working set size, in bytes. type: long format: bytes The percentage of memory the process occupied in main memory (RAM). type: scaled_float format: percent The shared memory the process uses. type: long format: bytes The swap memory used by the process (supported only on Linux kernel version 2.6.34+). type: long format: bytes ## io Disk I/O Metrics, as forwarded from /proc/[PID]/io. Available on Linux only. The number of bytes this process cancelled, or caused not to be written. type: long The number of bytes fetched from the storage layer. type: long The number of bytes written to the storage layer. type: long The number of bytes read from read(2) and similar syscalls. type: long The number of bytes sent to syscalls for writing. type: long The count of read-related syscalls. type: long The count of write-related syscalls. type: long ## fd File descriptor usage metrics. This set of metrics is available for Linux and FreeBSD. The number of file descriptors open by the process. type: long The soft limit on the number of file descriptors opened by the process. The soft limit can be changed by the process at any time. type: long The hard limit on the number of file descriptors opened by the process. The hard limit can only be raised by root. type: long ## cgroup Metrics and limits from the cgroup of which the task is a member. cgroup metrics are reported when the process has membership in a non-root cgroup. These metrics are only available on Linux. The ID common to all cgroups associated with this task. If there isn't a common ID used by all cgroups this field will be absent. type: keyword The path to the cgroup relative to the cgroup subsystem's mountpoint. If there isn't a common path used by all cgroups this field will be absent. type: keyword The version of cgroups reported for the process type: long ## cpu The cpu subsystem schedules CPU access for tasks in the cgroup. Access can be controlled by two separate schedulers, CFS and RT. CFS stands for completely fair scheduler which proportionally divides the CPU time between cgroups based on weight. RT stands for real time scheduler which sets a maximum amount of CPU time that processes in the cgroup can consume during a given period. In CPU under cgroups V2, the cgroup is merged with many of the metrics from cpuacct. In addition, per-scheduler metrics are gone in V2. ID of the cgroup. type: keyword Path to the cgroup relative to the cgroup subsystem's mountpoint. type: keyword ## stats cgroupv2 stats cgroups v2 usage in nanoseconds type: long cgroups v2 usage type: float cgroups v2 normalized usage type: float cgroups v2 cpu user time in nanoseconds type: long cgroups v2 cpu user time type: float cgroups v2 normalized cpu user time type: float cgroups v2 system time in nanoseconds type: long cgroups v2 system time type: float cgroups v2 normalized system time type: float Period of time in microseconds for how regularly a cgroup's access to CPU resources should be reallocated. type: long Total amount of time in microseconds for which all tasks in a cgroup can run during one period (as defined by cfs.period.us). type: long An integer value that specifies a relative share of CPU time available to the tasks in a cgroup. The value specified in the cpu.shares file must be 2 or higher. type: long CPU weight for the cgroup (cgroupv2). Used by the CFS scheduler to determine the share of CPU time available to the cgroup. Valid values range from 1 to 10000. The default value is 100. type: long Period of time in microseconds for how regularly a cgroup's access to CPU resources is reallocated. type: long Period of time in microseconds for the longest continuous period in which the tasks in a cgroup have access to CPU resources. type: long Number of period intervals (as specified in cpu.cfs.period.us) that have elapsed. type: long Number of times tasks in a cgroup have been throttled (that is, not allowed to run because they have exhausted all of the available time as specified by their quota). type: long The total time duration (in microseconds) for which tasks in a cgroup have been throttled, as reported by cgroupsv2 type: long The total time duration (in nanoseconds) for which tasks in a cgroup have been throttled. type: long ## pressure Pressure (resource contention) stats. ## some Share of time in which at least some tasks are stalled on a given resource Pressure over 10 seconds type: float format: percent Pressure over 60 seconds type: float format: percent Pressure over 300 seconds type: float format: percent total Some pressure time type: long format: percent ## full Share of time in which all non-idle tasks are stalled on a given resource simultaneously Pressure over 10 seconds type: float format: percent Pressure over 60 seconds type: float format: percent Pressure over 300 seconds type: float format: percent total Full pressure time type: long ## cpuacct CPU accounting metrics. ID of the cgroup. type: keyword Path to the cgroup relative to the cgroup subsystem's mountpoint. type: keyword Total CPU time in nanoseconds consumed by all tasks in the cgroup. type: long CPU time of the cgroup as a percentage of overall CPU time. type: scaled_float CPU time of the cgroup as a percentage of overall CPU time, normalized by CPU count. This is functionally an average of time spent across individual CPUs. type: scaled_float CPU time consumed by tasks in user mode. type: long time the cgroup spent in user space, as a percentage of total CPU time type: scaled_float time the cgroup spent in user space, as a percentage of total CPU time, normalized by CPU count. type: scaled_float CPU time consumed by tasks in user (kernel) mode. type: long Time the cgroup spent in kernel space, as a percentage of total CPU time type: scaled_float Time the cgroup spent in kernel space, as a percentage of total CPU time, normalized by CPU count. type: scaled_float CPU time (in nanoseconds) consumed on each CPU by all tasks in this cgroup. type: object ## memory Memory limits and metrics. ID of the cgroup. type: keyword Path to the cgroup relative to the cgroup subsystem's mountpoint. type: keyword Total memory usage by processes in the cgroup (in bytes). type: long format: bytes The maximum memory used by processes in the cgroup (in bytes). type: long format: bytes The maximum amount of user memory in bytes (including file cache) that tasks in the cgroup are allowed to use. type: long format: bytes The number of times that the memory limit (mem.limit.bytes) was reached. type: long memory low threshhold type: long format: bytes memory high threshhold type: long format: bytes memory max threshhold type: long format: bytes ## mem.events number of times the controller tripped a given usage level low threshold type: long high threshold type: long max threshold type: long oom threshold type: long oom killer threshold type: long failed threshold type: long The sum of current memory usage plus swap space used by processes in the cgroup (in bytes). type: long format: bytes The maximum amount of memory and swap space used by processes in the cgroup (in bytes). type: long format: bytes The maximum amount for the sum of memory and swap usage that tasks in the cgroup are allowed to use. type: long format: bytes memory low threshhold type: long format: bytes memory high threshhold type: long format: bytes memory max threshhold type: long format: bytes The number of times that the memory plus swap space limit (memsw.limit.bytes) was reached. type: long ## memsw.events number of times the controller tripped a given usage level low threshold type: long high threshold type: long max threshold type: long oom threshold type: long oom killer threshold type: long failed threshold type: long Total kernel memory usage by processes in the cgroup (in bytes). type: long format: bytes The maximum kernel memory used by processes in the cgroup (in bytes). type: long format: bytes The maximum amount of kernel memory that tasks in the cgroup are allowed to use. type: long format: bytes The number of times that the memory limit (kmem.limit.bytes) was reached. type: long Total memory usage for TCP buffers in bytes. type: long format: bytes The maximum memory used for TCP buffers by processes in the cgroup (in bytes). type: long format: bytes The maximum amount of memory for TCP buffers that tasks in the cgroup are allowed to use. type: long format: bytes The number of times that the memory limit (kmem_tcp.limit.bytes) was reached. type: long detailed memory IO stats type: object detailed memory IO stats type: object Anonymous and swap cache on active least-recently-used (LRU) list, including tmpfs (shmem), in bytes. type: long format: bytes File-backed memory on active LRU list, in bytes. type: long format: bytes Page cache, including tmpfs (shmem), in bytes. type: long format: bytes Memory limit for the hierarchy that contains the memory cgroup, in bytes. type: long format: bytes Memory plus swap limit for the hierarchy that contains the memory cgroup, in bytes. type: long format: bytes Anonymous and swap cache on inactive LRU list, including tmpfs (shmem), in bytes type: long format: bytes File-backed memory on inactive LRU list, in bytes. type: long format: bytes Size of memory-mapped mapped files, including tmpfs (shmem), in bytes. type: long format: bytes Number of times that a process in the cgroup triggered a page fault. type: long Number of times that a process in the cgroup triggered a major fault. "Major" faults happen when the kernel actually has to read the data from disk. type: long Number of pages paged into memory. This is a counter. type: long Number of pages paged out of memory. This is a counter. type: long Anonymous and swap cache (includes transparent hugepages), not including tmpfs (shmem), in bytes. type: long format: bytes Number of bytes of anonymous transparent hugepages. type: long format: bytes Swap usage, in bytes. type: long format: bytes Memory that cannot be reclaimed, in bytes. type: long format: bytes ## pressure - Elastic Stack: Generally available since 9.3 Pressure (resource contention) stats. ## some - Elastic Stack: Generally available since 9.3 Share of time in which at least some tasks are stalled on a given resource Pressure over 10 seconds type: float format: percent Pressure over 60 seconds type: float format: percent Pressure over 300 seconds type: float format: percent total Some pressure time type: long ## full - Elastic Stack: Generally available since 9.3 Share of time in which all non-idle tasks are stalled on a given resource simultaneously Pressure over 10 seconds type: float format: percent Pressure over 60 seconds type: float format: percent Pressure over 300 seconds type: float format: percent total Full pressure time type: long ## blkio Block IO metrics. ID of the cgroup. type: keyword Path to the cgroup relative to the cgroup subsystems mountpoint. type: keyword Total number of bytes transferred to and from all block devices by processes in the cgroup. type: long format: bytes Total number of I/O operations performed on all devices by processes in the cgroup as seen by the throttling policy. type: long ## io cgroup V2 IO Metrics, replacing blkio. ID of the cgroup. type: keyword Path to the cgroup relative to the cgroup subsystems mountpoint. type: keyword per-device IO usage stats type: object type: object per-device IO usage stats type: object per-device IO usage stats type: object ## pressure Pressure (resource contention) stats. ## full Share of time in which at least some tasks are stalled on a given resource Pressure over 10 seconds type: float format: percent Pressure over 60 seconds type: float format: percent Pressure over 300 seconds type: float format: percent total Some pressure time type: long ## some Share of time in which all tasks are stalled on a given resource Pressure over 10 seconds type: float format: percent Pressure over 60 seconds type: float format: percent Pressure over 300 seconds type: float total Some pressure time type: long ## process.summary Summary metrics for the processes running on the host. Total number of processes on this host. type: long Number of running processes on this host. type: long Number of idle processes on this host. type: long Number of sleeping processes on this host. type: long Number of stopped processes on this host. type: long Number of zombie processes on this host. type: long Number of dead processes on this host. It's very unlikely that it will appear but in some special situations it may happen. type: long Number of wakekill-state processes on this host. Only found on older Linux Kernel versions. type: long Number of wake-state processes on this host. Only found on older Linux Kernel versions. type: long Number of parked-state processes on this host. Only found on older Linux Kernel versions, or under certain conditions. type: long Number of processes for which the state couldn't be retrieved or is unknown. type: long ## threads Counts of individual threads on a system. Count of currently running threads. type: long Count of threads blocked by I/O. type: long ## raid raid Name of the device. type: keyword activity-state of the device. type: keyword The raid level of the device type: keyword Current sync action, if the RAID array is redundant type: keyword Number of active disks. type: long Total number of disks the device consists of. type: long Number of spared disks. type: long Number of failed disks. type: long map of raw disk states type: object Number of blocks the device holds, in 1024-byte blocks. type: long Number of blocks on the device that are in sync, in 1024-byte blocks. type: long ## service - Elastic Stack: Beta metrics for system services The name of the service type: keyword The load state of the service type: keyword The activity state of the service type: keyword The sub-state of the service type: keyword The timestamp of the last state change. If the service is active and running, this is its uptime. type: date The SIGCHLD code from the service's main process type: keyword The state of the unit file type: keyword The default state of the unit file type: keyword ## resources system metrics associated with the service CPU usage in nanoseconds type: long memory usage in bytes type: long number of tasks associated with the service type: long ## network network resource usage bytes in type: long format: bytes packets in type: long format: bytes packets out type: long bytes out type: long ## socket TCP sockets that are active. type: alias alias to: network.direction type: alias alias to: network.type Local IP address. This can be an IPv4 or IPv6 address. type: ip example: 192.0.2.1 or 2001:0DB8:ABED:8536::1 Local port. type: long example: 22 Remote IP address. This can be an IPv4 or IPv6 address. type: ip example: 192.0.2.1 or 2001:0DB8:ABED:8536::1 Remote port. type: long example: 22 PTR record associated with the remote IP. It is obtained via reverse IP lookup. type: keyword example: 76-211-117-36.nw.example.com. The effective top-level domain (eTLD) of the remote host plus one more label. For example, the eTLD+1 for "foo.bar.golang.org." is "golang.org.". The data for determining the eTLD comes from an embedded copy of the data from http://publicsuffix.org. type: keyword example: example.com. Error describing the cause of the reverse lookup failure. type: keyword type: alias alias to: process.pid type: alias alias to: process.name Full command line type: keyword type: alias alias to: process.executable type: alias alias to: user.id type: alias alias to: user.full_name ## socket.summary Summary metrics of open sockets in the host system ## all All connections All open connections type: integer All listening ports type: integer ## tcp All TCP connections Memory used by TCP sockets in bytes, based on number of allocated pages and system page size. Corresponds to limits set in /proc/sys/net/ipv4/tcp_mem. Only available on Linux. type: integer format: bytes ## all All TCP connections A count of all orphaned tcp sockets. Only available on Linux. type: integer All open TCP connections type: integer All TCP listening ports type: integer Number of established TCP connections type: integer Number of TCP connections in _close_wait_ state type: integer Number of TCP connections in _time_wait_ state type: integer Number of TCP connections in _syn_sent_ state type: integer Number of TCP connections in _syn_recv_ state type: integer Number of TCP connections in _fin_wait1_ state type: integer Number of TCP connections in _fin_wait2_ state type: integer Number of TCP connections in _last_ack_ state type: integer Number of TCP connections in _closing_ state type: integer ## udp All UDP connections Memory used by UDP sockets in bytes, based on number of allocated pages and system page size. Corresponds to limits set in /proc/sys/net/ipv4/udp_mem. Only available on Linux. type: integer format: bytes ## all All UDP connections All open UDP connections type: integer ## uptime `uptime` contains the operating system uptime metric. The OS uptime in milliseconds. type: long format: duration ## users - Elastic Stack: Beta Logged-in user session data The ID of the session type: keyword An associated logind seat type: keyword The DBus object path of the session type: keyword The type of the user session type: keyword A session associated with the service type: keyword A bool indicating a remote session type: boolean The current state of the session type: keyword The associated systemd scope type: keyword The root PID of the session type: long A remote host address for the session type: keyword