Logs definition

Stefan7 · March 7, 2023, 4:36pm

Greetings,
Can someone please direct me to a location where I can find a definition of logs?
Here's a preliminary list that I am trying to clarify:
'logs-elastic_agent'
'metrics-elastic_agent.elastic_agent '
'logs-elastic_agent.filebeat_input '
'metrics-elastic_agent.filebeat_input '
'logs-elastic_agent.filebeat '
'metrics-elastic_agent.filebeat '
'logs-elastic_agent.metricbeat '
'metrics-elastic_agent.metricbeat '
'metrics-system.cpu '
'metrics-system.diskio '
'metrics-system.filesystem '
'metrics-system.fsstat '
'metrics-system.load '
'metrics-system.memory '
'metrics-system.network '
'metrics-system.process '
'metrics-system.process.summary '
'metrics-system.socket_summary '
'metrics-system.uptime '
'logs-windows.powershell '
'logs-windows.powershell_operational '
'logs-windows.sysmon_operational '
'metrics-windows.perfmon '
'metrics-windows.service '
'logs-winlog.winlog'

Thank you!

simianhacker · March 7, 2023, 6:04pm

These all look like data streams coming from either Filebeat or Metricbeat. I'm assuming you're looking for the schema for each "module". Anything with the prefix of logs- you can assume is a Filebeat module and anything with the prefix of metrics- is a Metricbeat module.

Let's look at metrics-system.cpu first:

metrics- denotes that it's part of Metricbeat
system. denotes it's the system module
cpu is the dataset.

To find out the schema, take a look at the Metricbeat documentation here and click on "Exported Fields" to expand it in left hand navigation and pick "System fields" then scroll down to the "CPU" section.

There should also be coresponding documentation for anything with logs- prefix located under the Filebeat documentation.

Stefan7 · March 7, 2023, 6:34pm

Many thanks, Chris! I will follow up on the tracks you outlined.

Stefan7 · March 7, 2023, 7:24pm

Hi again Chris,

I was able to find the proper exported fields in the Metricbeat documentation (CPU was a good example), but cannot find the same with the logs- prefix in the Filebeat documentation. I was looking for a module elastic-agent and can't find any. Do you have any additional suggestion?
Many thanks!

simianhacker · March 7, 2023, 8:01pm

All I can find is this doc for the Elastic Agent logs and metrics: Monitor Elastic Agents | Fleet and Elastic Agent Guide [8.6] | Elastic

It might be easier to look at those feeds in Kibana via Discover and look at a sample document.

system · April 4, 2023, 8:02pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Elastic Agent - Windows logs + Tagging Beats elastic-stack-security , winlogbeat , elastic-agent	5	1297	September 29, 2020
Elastic Agent System Integration Beats filebeat , elastic-agent	3	435	September 28, 2020
Metricbeat-* vs metrics-* Beats metricbeat	4	473	June 8, 2021
Elastic Agent -> Oracle Metrics / Oracle Logs via Filebeat to Logstash to Elasticsearch Beats elastic-agent	1	423	February 9, 2022
Where are the logs of beats- Filebeat, Metricbeat & packetbeat located in an elk server? Beats	6	965	May 26, 2017

Logs definition

Related topics