Logs definition

Greetings,
Can someone please direct me to a location where I can find a definition of logs?
Here's a preliminary list that I am trying to clarify:
'logs-elastic_agent'
'metrics-elastic_agent.elastic_agent'
'logs-elastic_agent.filebeat_input'
'metrics-elastic_agent.filebeat_input'
'logs-elastic_agent.filebeat'
'metrics-elastic_agent.filebeat'
'logs-elastic_agent.metricbeat'
'metrics-elastic_agent.metricbeat'
'metrics-system.cpu'
'metrics-system.diskio'
'metrics-system.filesystem'
'metrics-system.fsstat'
'metrics-system.load'
'metrics-system.memory'
'metrics-system.network'
'metrics-system.process'
'metrics-system.process.summary'
'metrics-system.socket_summary'
'metrics-system.uptime'
'logs-windows.powershell'
'logs-windows.powershell_operational'
'logs-windows.sysmon_operational'
'metrics-windows.perfmon'
'metrics-windows.service'
'logs-winlog.winlog'

Thank you!

These all look like data streams coming from either Filebeat or Metricbeat. I'm assuming you're looking for the schema for each "module". Anything with the prefix of logs- you can assume is a Filebeat module and anything with the prefix of metrics- is a Metricbeat module.

Let's look at metrics-system.cpu first:

  • metrics- denotes that it's part of Metricbeat
  • system. denotes it's the system module
  • cpu is the dataset.

To find out the schema, take a look at the Metricbeat documentation here, click on "Exported Fields" to expand it in the left-hand navigation, pick "System fields", then scroll down to the "CPU" section.

There should also be corresponding documentation for anything with the logs- prefix, located under the Filebeat documentation.
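The breakdown in the reply above (type prefix, module, dataset) can be applied mechanically to the whole list from the question. The following is an added example, not code from the thread or from Elastic: it parses the names into their parts, maps the prefix to the Beat using the rule of thumb given in the reply, and groups datasets per module so you can see which modules ship logs, metrics, or both. It goes slightly beyond the page by accepting an optional trailing `-<namespace>` segment; that handling, and the "default" fallback, are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample input: stream names from the question, trailing spaces and all.
SAMPLE_STREAMS = [
    "logs-elastic_agent",
    "metrics-elastic_agent.elastic_agent ",
    "logs-elastic_agent.filebeat_input ",
    "metrics-system.cpu ",
    "metrics-system.process.summary ",
    "logs-windows.sysmon_operational ",
    "logs-winlog.winlog",
]

# Rule of thumb from the reply: logs- comes from Filebeat, metrics- from Metricbeat.
TYPE_TO_BEAT = {"logs": "Filebeat", "metrics": "Metricbeat"}

@dataclass(frozen=True)
class DataStream:
    type: str       # "logs" or "metrics"
    module: str     # e.g. "system"
    dataset: str    # e.g. "cpu"; "process.summary" keeps its inner dot
    namespace: str  # third "-" segment if present, else "default" (assumption)

def parse_stream(name: str) -> DataStream:
    """Split '<type>-<module>.<dataset>[-<namespace>]' into its parts."""
    parts = name.strip().split("-")
    if len(parts) < 2 or not parts[0] or not parts[1]:
        raise ValueError(f"not a data stream name: {name!r}")
    stype, full_dataset = parts[0], parts[1]
    namespace = parts[2] if len(parts) > 2 else "default"
    module, _, dataset = full_dataset.partition(".")
    # 'logs-elastic_agent' has no dot: the dataset is the module itself.
    return DataStream(stype, module, dataset or module, namespace)

def shipper_for(name: str) -> str:
    """Name the Beat a stream most likely comes from, or 'unknown'."""
    return TYPE_TO_BEAT.get(parse_stream(name).type, "unknown")

def datasets_by_module(names):
    """Map module -> type -> sorted datasets, to review coverage per module."""
    out = defaultdict(lambda: defaultdict(set))
    for n in names:
        ds = parse_stream(n)
        out[ds.module][ds.type].add(ds.dataset)
    return {m: {t: sorted(s) for t, s in types.items()} for m, types in out.items()}
```

Running `datasets_by_module` over your full list is a quick way to spot modules that only have metrics- streams and no logs- counterpart.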

Many thanks, Chris! I will follow up on the tracks you outlined.

Hi again Chris,

I was able to find the proper exported fields in the Metricbeat documentation (CPU was a good example), but cannot find the same with the logs- prefix in the Filebeat documentation. I was looking for a module elastic-agent and can't find any. Do you have any additional suggestion?
Many thanks!

All I can find is this doc for the Elastic Agent logs and metrics: Monitor Elastic Agents | Fleet and Elastic Agent Guide [8.6] | Elastic

It might be easier to look at those feeds in Kibana via Discover and look at a sample document.
