WARNING: Version 5.3 of Filebeat has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Nginx Fields
editNginx Fields
editModule for parsing the Nginx log files.
nginx Fields
editFields from the Nginx log files.
access Fields
editContains fields for the Nginx access logs.
nginx.access.remote_ip
edittype: keyword
Client IP address.
nginx.access.user_name
edittype: keyword
The user name used when basic authentication is used.
nginx.access.method
edittype: keyword
example: GET
The request HTTP method.
nginx.access.url
edittype: keyword
The request HTTP URL.
nginx.access.http_version
edittype: keyword
The HTTP version.
nginx.access.response_code
edittype: long
The HTTP response code.
nginx.access.body_sent.bytes
edittype: long
format: bytes
The number of bytes of the server response body.
nginx.access.referrer
edittype: keyword
The HTTP referrer.
nginx.access.agent
edittype: text
Contains the un-parsed user agent string. Only present if the user agent Elasticsearch plugin is not available or not used.
user_agent Fields
editContains the parsed User agent field. Only present if the user agent Elasticsearch plugin is available and used.
nginx.access.user_agent.device
edittype: keyword
The name of the physical device.
nginx.access.user_agent.major
edittype: long
The major version of the user agent.
nginx.access.user_agent.minor
edittype: long
The minor version of the user agent.
nginx.access.user_agent.patch
edittype: long
The patch version of the user agent.
nginx.access.user_agent.name
edittype: keyword
example: Chrome
The name of the user agent.
nginx.access.user_agent.os
edittype: keyword
The name of the operating system.
nginx.access.user_agent.os_major
edittype: long
The major version of the operating system.
nginx.access.user_agent.os_minor
edittype: long
The minor version of the operating system.
nginx.access.user_agent.os_name
edittype: keyword
The name of the operating system.
geoip Fields
editContains GeoIP information gathered based on the remote_ip field. Only present if the GeoIP Elasticsearch plugin is available and used.
nginx.access.geoip.continent_name
edittype: keyword
The name of the continent.
nginx.access.geoip.country_iso_code
edittype: keyword
Country ISO code.
nginx.access.geoip.location
edittype: geo_point
The longitude and latitude.
error Fields
editContains fields for the Nginx error logs.
nginx.error.level
edittype: keyword
Error level (e.g. error, critical).
nginx.error.pid
edittype: long
Process identifier (PID).
nginx.error.tid
edittype: long
Thread identifier.
nginx.error.connection_id
edittype: long
Connection identifier.
nginx.error.message
edittype: text
The error message