imre
September 9, 2015, 12:51am
1
Hi folks,
do you have a writeup on metrics formatting conventions?
I have looked at the topbeat and packetbeat entries in ES and it wasn't clear how it was decided that some information should have:
their own fields "client_port"
some were concatenated "proc.state"
some had an array ""http": {"code": 200}
There is also the source naming convention: Topbeat uses "shipper" as the source but Packetbeat has "server" and "shipper".
Do you have any guidance? Thanks!
Imre
andrewkroh
(Andrew Kroh)
September 9, 2015, 1:50am
2
Packetbeat has documentation on each of the exported fields and their meanings.
You might also find the developer guide helpful depending on what you are doing.
1 Like
imre
September 9, 2015, 2:31pm
3
andrewkroh:
developer guide
Thank you, the Packetbeat Exported Fields document was very helpful.
It's interesting how Topbeat doesn't implement some of the fields Packetbeat defines as Required: "status" and "path".
tudor
(Tudor Golubenco)
September 10, 2015, 7:28am
4
status
and path
are required in the context of Packetbeat. I don't think they should required for all Beats, I struggle to think what we should fill them for Topbeat.
imre
September 28, 2015, 2:15pm
5
Another thing about topbeat metric naming: ES2.0 doesn't accept field names with commas in it, so "proc.cpu" is an invalid format.
tudor
(Tudor Golubenco)
September 29, 2015, 9:03am
6
You are right, we've cleaned that in master and now there's field documentation as well. From this we generate this .